On 22 May 2010, Laszlo Hanyecz, a programmer from Florida, paid 10,000 bitcoin for two pizzas from Papa John's. Bitcoin's market price was still finding its feet, and the cryptocurrency was almost never used in everyday transactions. The order was placed on his behalf by a 19-year-old Californian named Jeremy Sturdivant, found over the internet, who put the 41 dollars on his own credit card. Hanyecz transferred him 10,000 bitcoin in return. He knowingly paid far more than the order was worth. What he wanted, above all, was to demonstrate that bitcoin could function as a public medium of exchange. By that measure, the transaction did its job.

The episode entered history as Bitcoin Pizza Day. It was the first time anyone had used a digital record of value — one operating outside the state, outside any central bank, outside the conventional payments system and outside the regulated financial market — to buy a physical good. That fact alone gave the event its symbolic and historical weight.

By mid-May 2026, those 10,000 bitcoin would be worth roughly 800 million dollars. Not because the state has, in the meantime, declared bitcoin a safe and fully admissible financial instrument, nor because some single, comprehensive statute has tidied up the market. Bitcoin's value is the product of a long social and technological process. For sixteen years, programmers, investors, entrepreneurs, users, speculators, idealists and opportunists have been testing the technology, making mistakes, building infrastructure and finding new uses for it.

Because crypto-assets emerged as a bottom-up order, regulation cannot "establish" them; it can only deform them or allow them to develop. In Poland, where regulation is mandatory under European Union law, the real risk is not the absence of control but the creation of a regime that ends up sanctioning the market's exit from the state's reach — and depriving the country of any influence over its own technological transformation.

In the traditional world of finance, a category first emerges within a fixed legal order; supervisory infrastructure is built around it — licences, prospectuses, reporting duties, custodians, intermediaries — and only then does the instrument reach a wide market.

With crypto, the order was reversed. Bitcoin came first: in 2008 it existed only as a technical paper describing how to send digital value without banks or other intermediaries. It became a living network in 2009, when the first participants ran the software. Users gathered around it, then a market formed, and only recently — once the scale became impossible to ignore — have state institutions been allowed a voice.

Bitcoin, Ethereum and stablecoins were the product of a technological experiment, not an administrative plan. That does not mean the state has nothing to say. It does suggest, however, that it might say it with a degree of humility.

Law and economics have long observed a phenomenon one might call order without a designer. Peter Boettke, professor of economics at George Mason University and one of the most influential contemporary scholars of market institutions and spontaneous order, argues that the most durable institutions — money, commercial norms, customary law — are rarely the result of conscious planning. They emerge from the bottom up, through interaction among participants who hold locally grounded, dispersed knowledge that cannot be centralised. An institution designed from above must replace that knowledge with assumptions; one that emerges from practice already contains it.

Richard Posner, an American federal judge and co-founder of the law-and-economics school, added a normative dimension: a law should be judged not by the legislator's intentions but by the effects it produces in the real world. A regulation whose justification sounds reasonable but which in practice pushes participants beyond supervision, raises costs for the most vulnerable, or blocks innovation without any social gain is a bad regulation, however noble its stated aims.

Cryptocurrencies fit both perspectives easily. They emerged from below, without a central plan, in precisely the manner Boettke described as typical of durable institutions. Their value and significance are visible in everyday practice: in the cost of cross-border transfers, in real access to financial services, in the ability to shield savings from confiscation by an authoritarian state. A regulator who ignores both lessons — applying off-the-shelf legal templates to a phenomenon born of practice, and judging it by intentions rather than outcomes — has already chosen the wrong method, before getting anywhere near the details.

Cryptocurrencies are most often associated with speculation and price volatility. Their real value, however, shows up in places like cross-border payments made by migrants. In 2024 the global remittance market was approaching 900 billion dollars a year. Two-thirds of that went to low- and middle-income countries. The average fee on a 200-dollar transfer is 6.5%; through a bank, it exceeds 9%. Stablecoins do the same job for a fraction of a percent, in minutes. The Bank for International Settlements estimated cross-border stablecoin volumes in 2025 at over 400 billion dollars. In Ukraine, stablecoins account for almost 3.5% of GDP — the highest share in the world.

Poland is among Europe's fastest-growing crypto markets. In October 2025, Chainalysis published a report finding that the total value of crypto received by Polish users rose by 51% between July 2024 and June 2025. Chainalysis attributes the growth to a rising number of individual users adopting crypto for everyday transactions and cross-border remittances, not to inflows of institutional capital. That sets Poland apart from Germany, where crypto's growth has been driven by financial institutions in the wake of MiCA, and from Russia, where high-value transactions dominate.

In Poland, then, crypto serves as payment infrastructure for ordinary users rather than as a channel for large institutional flows. Even so, the subject is almost absent from domestic public debate, because the financial regulator views crypto primarily through the lens of risk rather than usefulness. Seen through the prism of Polish competitiveness in a globalised economy, that is an oversight with real consequences.

The second concrete fact that Polish debate routinely overlooks is moral in nature. Since 2020, the Lukashenka regime has been freezing the accounts of opposition figures, independent media and NGOs. Over the same period, Poland has taken in more than a hundred thousand political refugees from Belarus. Crypto is often portrayed in this debate as a tool of criminals or sanctions-evading regimes — a function that does indeed exist, as UN reports on North Korea document. But the same instrument plays a symmetrically opposite role: when the Russian authorities closed the accounts of the Navalny Foundation, when the Nigerian government froze the assets of #EndSARS organisers, when Venezuelan humanitarian groups could no longer operate through the banking system, bitcoin proved to be the only available infrastructure. Human Rights Foundation, CSIS and the Journal of Democracy have documented the pattern in dozens of countries. The tool a regime uses to dodge sanctions is the one its citizens use to dodge the regime. A Polish lawmaker who, in pursuit of declared aims, drives providers abroad, users into informal channels and the activity itself beyond supervision is not protecting these people from the technology — they are stripping them of the only infrastructure they can rely on.

Most of the value crypto has produced was created before regulation, alongside it, or in spite of its absence. A public settlement network without a central operator; the ability to store value without an intermediary; programmable assets; global access to financial infrastructure; a market open round the clock and across borders — these achievements are imperfect, risky and frequently overhyped, but real. That is precisely why a regulatory error is so easy to make: to treat a sector still in adolescence as a mature market that simply needs the standard duties imposed upon it.

MiCA, the EU's regulation on markets in crypto-assets, is sometimes presented as the natural next step in the market's maturation. There is some truth in that. After collapsing exchanges, scandals, manipulation, abuse and lost savings around the world, the political case for regulation became obvious. The crypto market never consisted solely of engineers building the future of finance and ordinary users. It also became a vehicle for greed — dishonest marketing, conflicts of interest, deliberate concealment and breaches of customer trust.

That does not mean every regulation is well calibrated, or that its scope, costs and underlying philosophy are neutral. Regulation is an institutional choice that answers concrete questions: whom do we trust, which risks do we accept, whom do we protect, on whom do we impose the costs, which forms of innovation do we treat as useful and which as suspect.

The European Union opted for a comprehensive solution. Token issuers, service providers, exchanges and intermediaries are to operate within a framework of licences, organisational requirements and supervision. It is a middle path between prohibition and full freedom — sensible, but not the only option.

Several alternatives existed: enforcing existing civil, criminal and consumer law against bad actors instead of building a new regime from scratch (the American approach); creating regulatory sandboxes; allowing greater diversity of approach among member states; clearly separating technical infrastructure, investment instruments, payment services and pure speculation, which today fall under the same rules despite differing in function and risk.

If the Union had a choice, it is fair to ask whether it chose well.

At the European level, the argument has been settled: MiCA applies, and the market must adapt. The remaining question is how Poland has handled it.

The answer is uncomfortable. MiCA has applied in full since 30 December 2024, and the EU's transitional period runs until 1 July 2026 — and no national statute can change that. The trouble lies elsewhere: Poland still has no body designated by law to issue CASP licences, even though EU law requires it.

The first government bill, passed by the Sejm in November 2025, was vetoed by the president in December. The second, in a watered-down form, was vetoed again in February 2026; an attempt to override that veto in April fell short, with 243 votes for the required 263. The Sejm passed a third bill on 14 May 2026 and the Senate accepted it without amendment — weeks before the EU deadline.

Over the same period, 23 countries in the European Economic Area issued nearly two hundred licences for crypto-asset service providers between them. Germany: 53. The Netherlands: 25. France, Norway, Malta, Spain, Lithuania and Austria: a dozen or so each. Poland: zero.

Polish debate about crypto rarely concerns the future of the technology, the competitiveness of the market, the institutional standing of the state, or how to attract talent, capital and entrepreneurs. It concerns, rather, how to limit the regulator's reputational risk, how to close liability gaps, how to demonstrate the state's severity, how to assemble the toolkit of control. In economic law, however, there is always a line beyond which the instrument of protection becomes itself a source of risk.

The clearest example is the discussion of freezing client funds without prior court approval. Proponents of strong administrative powers argue, seriously, that judicial procedures take time the market does not allow. Equally serious, however, is the constitutional question: how deeply may an administrative body intrude on property and on the freedom to dispose of assets without independent judicial oversight? If the answer is "very deeply, because crypto is dangerous", that is not, properly speaking, a legal argument. It is a sense of threat — an emotion, in other words — dressed up as a principle.

In a democratic state under the rule of law, speed cannot wholly replace safeguards. One can create urgent procedures, provide for retrospective judicial review, set short deadlines, differentiate among precautionary measures. What one cannot do is pretend that because a market is digital, the standard of protection for fundamental rights can stay analogue, simply because that suits the administration.

The costs of regulation are equally problematic. In Poland they are often discussed as if they were the industry's problem alone — and that is a mistake. Regulatory costs translate, for a firm, into the cost of entering the market, of scaling, of legal services, of raising capital, of likely delays and of dispelling uncertainty. For financial giants they are an easily borne expense; for small, innovative firms they are a barrier that cannot be crossed. The result is that costly regulation does not eliminate risk; it concretes the market in place, driving young talent and tax revenue into more predictable, or simply friendlier, jurisdictions.

The government bill passed by the Sejm on 14 May 2026 provides for an annual supervisory fee of up to 0.4% — calculated, admittedly, not on full revenues but on the margin earned on crypto-asset transactions, but still among the highest in the EU. By way of comparison, France charges a flat 10,000 euros a year regardless of scale, and the Czech Republic has dispensed altogether with passing supervisory running costs onto licensees. Italy, the only other EU country to use a percentage model, charges 0.6% but on a significantly narrower base. The fact that the presidential bill set the rate four times lower than the government's (0.1% instead of 0.4%, with a minimum of 500 euros) is the clearest possible illustration of how deep Poland's decision-making paralysis runs on the question of competitive advantage.

This is not a lament for entrepreneurs but a question about the institutional competitiveness of the state. Building a regime that is expensive, suspicious and slow will not eliminate risk. The Polish user will simply turn to platforms registered elsewhere, and the state will lose everything: tax, jobs, influence over the market and the priceless ability to learn a new technology. Excessive rigour will not protect the consumer; it will only ensure that Poland is left out of the digital revolution.

The worst-case scenario is not that Poland will have a regulation. It is that Poland will have a regulation heavy enough to deter legitimate operators, but not nimble enough to curb abuse.

Polish crypto debate harbours a deep internal contradiction. On one hand, crypto is presented as too risky to be admitted directly to the regulated market. On the other, the financial system has already found ways to offer it to investors through the back door. Instead of buying bitcoin and holding it themselves, the customer buys units of a fund, certificates or other financial products. Formally, then, the customer does not own crypto — they own a traditional financial product. Their money is exposed to bitcoin's price fluctuations exactly as it would be on a direct purchase, but bitcoin enters the system only in a wrapper the regulator already knows, understands and controls.

Globally, the symbol of this shift has been spot bitcoin ETFs — funds that buy actual bitcoin, not just products linked to its price. American regulators admitted them to trading in January 2024. The largest financial institutions entered the market not out of any sudden conversion to monetary anarchism. They were driven by plain pragmatism: investor demand and market scale had reached a level that could no longer be ignored.

Poland looks different. The Polish Financial Supervision Authority (KNF) accepts funds investing in products linked to crypto prices, but direct purchase of bitcoin itself by regulated institutions — even on behalf of professional investors — meets serious resistance. To the regulator, the risk of price movement is one thing; the risk of holding the cryptocurrency itself is another. By buying a derivative product, a fund avoids the technical problems of holding bitcoin directly, the responsibility for safekeeping, the risk of technical error and the need to deal with unregulated exchanges.

The result is a curious anomaly: domestic institutions may legally trade paper promises tied to the bitcoin price, but they may not hold bitcoin itself.

Hence a fundamental paradox: the state does not trust the cryptocurrency, but it trusts the institutions that build their products on its volatility. It does not trust the technology, but it trusts the legal documentation describing the technology. From the standpoint of investor protection there is something to be said for this: the intermediary is supervised, has disclosure and capital duties, and the client is shielded from outright loss. From the standpoint of market development, it is a deeply conservative model: innovation is acceptable only once it has been wholly absorbed by the traditional system.

Therein lies the heart of the matter. Crypto did not acquire its global standing because it gave investment funds another product to wrap. It did so because it called into question the very need for an intermediary. If the state's only response to that innovation is to require a return to traditional institutions as the price of acceptance, regulation does not so much order the new technology as quietly neutralise its most disruptive element.

While politicians argued, paragraph by paragraph, over the bill, the market gave Poles a painful practical lesson. In April 2026, customers of Zondacrypto — Poland's largest crypto exchange, operating under an Estonian licence (BB Trade Estonia OÜ) — began complaining that withdrawals had stopped.

The scale of the problem quickly outgrew the category of isolated incidents. Independent analysis by the firm Recoveris found that the balance of Zonda's bitcoin hot wallet had fallen by some 99.7% between August 2024 and March 2026. In a matter of months, more than 21 million dollars were transferred from the platform to a competing exchange, Kraken. At its peak the platform served as many as 750,000 Polish customers; today the figures discussed are around 1,500 people with frozen funds and losses running into millions of zloty.

The chief executive, Przemysław Kral, publicly admitted that the company had lost access to one of the key wallets and that client funds had been used unlawfully. That wallet is said to hold around 4,500 bitcoin, worth nearly 330 million dollars. Access to it is reportedly held by Sylwester Suszek, the founder of BitBay — Zonda's predecessor — who has been missing since 2022. In April 2026 the Regional Prosecutor's Office in Katowice opened an investigation into large-scale fraud and money laundering.

The case acquired a political dimension in short order. Prime Minister Donald Tusk spoke in the Sejm of the exchange's links to the Russian mafia and of years of inaction by the security services. The Presidential Palace defended the earlier vetoes, arguing that the government's proposals went beyond MiCA and would have hit entrepreneurs. Critics replied that earlier adoption of regulation might at least have limited the damage.

Spring 2026 polling shows responsibility distributed widely: most Poles blame the exchange's management and owners, but a substantial share also points at the state and the president for the absence of regulation, or at the government for institutional inaction. At the same time, more than 80% of respondents oppose any public assistance for those affected, on the view that investors took the risk knowingly.

The platform operated under the Estonian licensing regime, which before MiCA was among the lightest in Europe: no capital requirements, no mandatory segregation of client funds, no audit of reserves. Polish supervisors had, however, already filed a criminal complaint about a predecessor operator back in 2018. The proceedings stalled for years. Regulation, in other words, existed; for a long time, enforcement did not.

In the public mind, crypto was once again tied to crime, the grey economy and the state's loss of control. For politics, that is a convenient shortcut: a complex problem reduced to a single message — we need more regulation.

Yet a scandal at one institution does not prove the technology as a whole is suspect. A banking crisis does not invalidate the idea of a bank account; capital-market fraud does not make shares an inherently flawed instrument.

The irony is that regulation is held out as a panacea, even though it does not remove the underlying sources of risk. It does not stop crypto narratives being put to political use, nor does it halt the flight of risk beyond national jurisdiction. What is more, Zonda itself spent years opposing tighter rules — and went under thanks to precisely the gaps it preferred to leave open: no segregation of assets, no reserves, no audit.

Almost wholly absent from the debate is another, somewhat heterodox model of regulation: one that does not merely set duties in a statute but encodes them in the technology itself. One can imagine supervision that conditions the granting of a licence on requirements enforceable in code: segregation of client funds guaranteed by smart contract; public proof of reserves, published periodically on-chain; withdrawals requiring multi-party authorisation and time delays. This is not futurology; it is the practice of some global platforms today. The Polish bill does not even consider such tools — not from any want of will, but from a want of vocabulary in which to describe them.

Safety is not produced by statute alone. It is, more often, the product of enforcement. Regulation can limit risks, increase transparency and provide tools for intervention. It can weed out the weakest players. But to promise society total safety is to build a dangerous illusion. Supervision is not insurance against reality. The greater the political pressure to provide such safety, the greater the risk that the response will be excessive caution that hampers development rather than ordering it.

That leaves supervisory institutions in a difficult position, caught between political expectations, public pressure, responsibility for market stability and the limits of their own mandate. In such conditions formalism and caution are the natural choices. The question is whether earlier institutional decisions have not narrowed the room for manoeuvre today.

If for years crypto has been described only in the language of threat, it is hard to suddenly devise a strategy for adoption. If the debate has been dominated by the logic of protection from risk, talk of competitiveness rings hollow. If supervision has cast itself as a border guard rather than as the architect of a market, in a crisis it can only reinforce the gate, instead of designing the city.

This is a textbook case of path dependence: the sum of locally rational decisions yields a strategically weak outcome.

Today, Poland may settle into a small equilibrium. The industry will grumble; it will either adapt or leave. Supervisors will get their tools and will be able to demonstrate activity. Politicians will declare that the state has regained control. The public will feel that lessons have been drawn from a disastrous scandal. Lawyers and consultants will have plenty of work implementing the new rules. On paper, everything will look fine.

The only thing missing from this small equilibrium may be the most important thing of all: the conditions for growth.

The question is how to build, around MiCA, an environment in which firms, skills, products, applications and trust capital come into being. Is Poland to be a place to which entrepreneurs come, or one from which they leave? What is the point of learning new technologies, and is it really better to describe them in the language of suspicion? Will supervision remain a filter for risk, or will it become, in addition, a participant in institutional competition?

In January 2026, the chair of the supervisor publicly rejected any part in a "race to the bottom" in which countries compete by lowering licensing barriers. The position is worth treating critically. The race to the bottom is well documented in comparative law — in the context of tax havens or flags of convenience in shipping. In EU financial markets, however, there is no strong empirical evidence that this mechanism actually predominates.

What we observe is, rather, a sorting of firms among jurisdictions. Operators choose places where the bundle of regulatory, tax and institutional incentives best matches their risk profile and business model. That is not a race to the bottom but the revealed preferences of a market under conditions of jurisdictional competition.

What is more, in the case of a fully harmonised regulation such as MiCA, the opposite mechanism applies: a large internal market exports standards. The race-to-the-bottom argument should therefore function not as a conclusion but as a hypothesis, requiring empirical verification.

Institutional competition does not mean cheerleading for crypto. The state does not need to become an industry advocate. The point is something more basic: an awareness that in a world of mobile capital, technology and talent, jurisdictions compete on the quality of their rules. Stability is a value, but stability alone is not enough. One can preside over a stable order from which the most creative ventures depart.

First, institutional specialisation in the supervision of digital assets. Three models exist in global practice: a dedicated regulator (Dubai, since 2022); internal specialisation inside an existing supervisor (Singapore, Hong Kong); and a licence designed from scratch around digital-asset architecture, with technical requirements built in at protocol level (Wyoming). MiCA introduces a separate CASP licence category, but it adapts classical prudential requirements to a new asset class rather than designing a licence around the technical specifics of crypto. The KNF is building none of these forms of specialisation. The first dimension of the problem is one of competence: who, and within what structure, is actually to supervise this market.

Second, the preventive character of supervision. Classical financial supervision works after the fact. In a digital model, prevention is possible: the regulator conditions the issuance of a licence on requirements enforceable in the infrastructure itself — client-fund segregation in a smart contract, periodic on-chain proof of reserves, multi-party authorisation and time-locked withdrawals. These solutions are already in use on some global platforms. The Polish bill does not consider such tools — not from a want of will, but from a want of vocabulary to capture them. The second dimension concerns not who supervises, but when: only at the moment of breach, or already in the architecture of the service admitted to the market.

Third, regional Central European supervision in a CEE-4 or V4-plus format. For the crypto market, the Polish regulator is too small to compete with Germany's BaFin or the Netherlands' AFM, which together have issued more than a third of all CASP licences in the EU. ESMA, which over the next few years will centralise EU supervision, is too large to retain local sensitivity. A joint body of several regional states would share the costs of building expertise, give the region a negotiating mandate in Brussels, and remain a reversible option in the period before full Europeanisation. The theoretical frame for such arrangements — functional, overlapping and competing jurisdictions — was already laid down by the economics of comparative federalism in the mid-1990s. The third dimension is therefore territorial: at what geographical scale can effective supervision be exercised over a market that is cross-border by definition.

None of these paths has been advanced as a serious proposal in the Polish debate. Not because they are unworkable, but because the existing institutions create no incentives to author them. It is the classic pathology of a process in which the costs of decisions are detached from the decision-makers. Here the costs are borne by the market, not by the supervisor. Just as optimisation within the small equilibrium is rational, optimisation toward the larger one demands acts that, in the present arrangement, no one has any motive to perform. And the longer we wait, the narrower the larger equilibrium becomes — because part of the market that could have been an object of Polish policy is already beyond Polish jurisdiction.

The greatest illusion is the belief that crypto adoption can be permanently halted. It can be delayed. It can be pushed into other jurisdictions. It can be made more expensive. It can be channelled through foreign platforms, funds, ETFs and intermediaries. The narrative that this is suspect, not-quite-serious territory can be sustained. What cannot be undone is that digital assets have become part of the global financial system.

Bitcoin need not replace state money; tokenisation need not make sense in every case; DeFi is not automatically safer than banks; and the world of crypto is not an enemy that will "defeat" the traditional system. None of that alters the plain fact that a new layer of financial and property infrastructure has emerged, one that cannot be reduced to a passing fashion.

Acceptance of crypto need not be ideological. One may, without being a libertarian, grasp the importance of currency competition. One may, without being a techno-utopian, see the value of public registries and programmable assets. One need not be a speculator to see the potential of tokenisation in the trading of property rights. And one need not be an opponent of the state to conclude that the state should be rather less self-assured when regulating a phenomenon of which it is neither the creator nor a part.

The crypto argument touches matters more fundamental than the technology itself: freedom of contract, property rights, the limits of paternalism, trust in the citizen, competition among institutions and the role of the state in innovation. Behind it lies the further question of whether law's first task is to safeguard the existing order, or to allow a new one to emerge.

In that light, drafting any particular statute matters less than avoiding a category mistake — confusing what something is with what it can be used for. Crypto is neither solely a financial product nor pure ideology. It is a technological way of organising trust, ownership and exchange. If the law treats it only as a risky investment instrument, it grasps only part of the picture. If it treats it only as an emancipatory project, that too is only part.

What is needed is regulation that is more modest in its declarations, more precise in its instruments and more aware of its own costs. One that distinguishes fraud from experiment, intermediary from protocol, retail customer from professional participant, investor protection from market lock-out, safety from administrative convenience.

A word, in closing, about the pizza.

When Laszlo Hanyecz paid 10,000 bitcoin for two pizzas, no one needed MiCA, a national implementing act, a CASP licence, a regulator's position paper or a judicial definition of a token for the transaction to make sense to those involved. The sense was simple: someone held a digital record of value, someone else was prepared to act as intermediary, and the user community took the whole thing as proof that the new system worked in practice.

Sixteen years on, the pizza turns out to have been more than an anecdote. It was a test of imagination. It showed that value can appear before the state has named it; that the market can build an institution before the public institutions acknowledge it; that technology can force a debate which the law joins late.

The question that really matters, then, is not how to police that pizza or who is allowed to serve it. It is whether Poland wants to be a place where the next such pizza is baked, ordered and paid for — with licensing, supervision and consumer protection in the background, but without dousing the fire that lit the oven in the first place. The pizza itself was eaten long ago. In Poland, the argument goes on about how to fold the empty box, while the pizza arrives from across the border and digital pizzas, as ever, do not need our permission to bake.