On Wednesday, September 28, 2022, I was a panelist with my Brown Rudnick colleagues Jane Colston and Jessica Lee (London) and Stephen D. Palley (Washington DC) discussing recent developments in crypto fraud. The session was recorded and is available here, but some of the main points of discussion and areas of comparison between the US and the UK included:
Is the “crypto winter” and falling price of cryptocurrencies leading to less fraud in the area?
- Unfortunately, we don’t think it does – there is still significant activity in the crypto market, and while consumers are more aware of crypto scams, bad actors continue to innovate.
- We have seen a significant shift to scammers and hackers targeting DeFi platforms and cross-chain bridges – which is exactly what happened to Binance last week when a hacker targeted a cross-chain bridge and got away with approx. 100 million dollars of crypto.
Victims of crypto fraud have a chance to recover as transactions can be traced even where the perpetrators of the fraud are unknown
- The blockchain is pseudonymous and not anonymous. All transactions are recorded on the blockchain, including wallet addresses that allow tracking the movement of crypto and identifying wallets that have received stolen crypto assets.
- Following the 2019 Legal Statement on Crypto Assets and Smart Contracts, the English courts have been willing to treat crypto assets as property and issue injunctions (including worldwide freezing orders) to recover stolen crypto. Non-fungible tokens (NFTs) have also been held to fall within this category. Note – The Law Commission is currently considering establishing a new third category of personal property called “data objects” which would cover digital assets including cryptocurrencies which would establish that crypto is capable of constituting property.
- If the identity of the potential defendant is not known, the person unknown jurisdiction in the UK and many other common law jurisdictions (similar in the US to the John/Jane Doe jurisdiction) allows plaintiffs to seek interim relief against a defined category of unknown persons for example, owners of wallets that received the stolen funds.
- In both the US and the UK, service of court orders and proceedings has been accomplished using the blockchain and sending an NFT to a known wallet address despite the wallet holder being unknown. In a recent US crypto case, the service was also performed via a help chat box on a website.
Orders can be obtained to enable the identity of the fraudster to be discovered, although there may be some difficulties here
- The English courts have stepped in by granting Norwich Pharmacal Orders (NPOs) and Bankers Trust Orders (BTOs) against third parties (eg crypto exchanges) to obtain information to identify unknown wallet holders who have received stolen funds.
- However, the level of information stored by exchanges varies enormously, so disclosure orders may not always be effective in practice, but incoming international regulation in this area is likely to make a difference.
- In particular, a new civil procedure gateway was introduced in CPR PD 6B Para 3.1(25) on 1 October 2022 which will facilitate a more cost-effective process to enable information orders to be obtained against parties outside the jurisdiction who wish to disclose (a) the identity of a defendant; and (b) what has become of the claimant’s property, without first having to resort to costly legal proceedings.
Incoming regulation will hopefully improve the prospects for recovery in cases of crypto fraud
- There is also a tentative agreement at EU level to extend anti-money laundering regulations to cover the transfer of cryptoassets and bring cryptoassets and related entities under a regulatory framework aimed at strengthening consumer and investor protection known as the Regulation on Markets in crypto assets. (MiCA).
- The FCA held CryptoSprint events in 2022 to discuss areas for reform, including ongoing disclosure of information about cryptoassets to buyers, identifying when regulation should apply and the need for custody regulations, aimed at protecting consumers. This is in addition to anti-money laundering regulations that crypto-asset businesses must comply with (and which will improve the KYC information available in cases of crypto-fraud) and the financial promotion of crypto-assets to UK consumers.
Other interesting developments to watch in this space include:
- Question whether there can be other technological routes to recovery. Panelists discussed whether developers on a network may be subject to fiduciary or other duties of care to users to redirect stolen crypto back to users. This is currently the subject of an ongoing dispute in Tulip trade case pending before the English Court of Appeal.
- Responsibility for decentralized autonomous organizations (DAOs). Recently, the US Commodity Futures Trading Commission (CFTC) has charged the individual members of a DAO, treating the DAO as an unincorporated association. How DAOs will be treated more generally in the UK and US is yet to be determined and raises a number of potential issues, including their legal status and who is responsible for a DAO’s actions.
The content of this article is intended to provide a general guide to the subject. You should seek specialist advice about your specific circumstances.