It is a common misstatement that Blockchain and its applications are not regulated. The underlying idea here is that there is no tailor-made regulation put in place specifically for Blockchain applications in most jurisdictions. However, it does not mean that what you did via any Blockchain-based platform is beyond the law. Rather, we, at least in most cases, do not have a clear guideline on what rules shall apply to these platforms and transactions made through them.
This difference might not be a problem when everything goes smoothly. But when things get tricky, as it did for example in the DAO hack, the people suffered a loss will look for someone to put the blame on, they will refer to the law for liability and compensation. Then, the examination will start on the rules that shall apply to a given application regardless of how decentralized or how private it is.
It is still far from clear what is the legal status of the crypto-assets. Nevertheless, we see a new regulatory body explanation almost on a daily basis. Crypto-exchanges are subjected to specific rules in most jurisdictions especially due to AML/KYC regulations. Similarly, investor protection and/or crowdfunding rules apply to ICOs in some jurisdictions. With every new risk Blockchain applications posed, we see a new wave of regulatory attempts to clear the uncertainty, mostly in a prohibiting manner.
DAO Tokens were not securities in the traditional sense and most regulatory authorities were reluctant to decide on their legal status before. But after the heist, SEC started an investigation and, finally, held that DAO Tokens qualify as investment contracts, a type of security, under the US securities legislation. And quite recently, on 27 November 2018, CFTC released its Primer on Smart Contracts in which it has stated that:
Depending on its structure, operation, and relevant facts and circumstances, a smart contract could be a: (1) Commodity, (2) Forward Contract, (3) Futures Contract, (4) Option on Futures Contract, (5) Swap
Once again, we saw that, instead of coming up with a completely new regulation for a Blockchain application, an authority stated that structures based on a new technology might be subjected to an existing regulatory regime depending on its features.
All these examples show us it is not true that Blockchain applications are not regulated but there is a legal uncertainty around them as to which rules shall apply and this uncertainty might be resolved either by drafting a new tailor-made legislation, as in the case of Japan, or by taking Blockchain applications under the scope of an existing regulation, as in the case of the US.