According to a report by blockchain data firm Chainalysis, cryptocurrency-based crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, up from $7.8 billion in 2020. 2022 is likely to surpass these figures. The faceless nature of projects and wallets, the inability to verify project representations, the opaqueness behind valuations and the fragmented nature of cryptocurrencies and how they are held lend themselves to opportunities to dissipate, divert and defraud investors of money. The law has a suite of tools designed for asset recovery (freezing orders, disclosure orders, constructive trusts), but the crypto world offers a novel challenge: assets move in the cyber world, which in turn raises the question of where to take the fight, and against whom.
The War Plan
Assets can be stolen in a variety of ways, from hacks to rugpulls and spoofing attacks (see: Appendix). A victim’s recourse may lie against: (1) the owners or operators of a blockchain project (for example, in instances such as a hacked project or rugpull scam); (2) the hackers and/or fraudsters themselves; and/or (3) the cryptocurrency exchange involved in the illicit transaction.
The main objective of any war plan is to get restitution, i.e., recover the assets. An important premise, therefore, is that assets on the blockchain (i.e. cryptocurrencies and/or NFTs) must be recognised as property in the jurisdiction in which an action for recovery is commenced, such that the victim becomes entitled to assert a proprietary claim for the stolen assets and pursue certain remedies for recovery at law. A growing consensus is developing in common law jurisdictions such as Hong Kong, Singapore, New Zealand and the UK in recent years that recognises cryptocurrencies as property – and this trend is only likely to continue as more users adopt, hold and deal in digital assets stored on the blockchain. Other jurisdictions such as China may not recognise cryptocurrency as property, thereby curtailing the tools available for recovery. Careful consideration needs to be given to where to take the fight to.
The Battlefield
Perhaps the biggest conundrum in pursuing an action against hackers or fraudsters and related parties in the transaction, such as exchanges, is where (i.e. in which Court or jurisdiction) to commence an action. Relevant factors would include the domicile of the victim, the jurisdiction with the closest connection to where the crime took place, where the fraudsters and exchanges are located and where the stolen assets are themselves located.
In the case of cryptocurrencies, which are stored on an online decentralised blockchain, the English High Court in Ion Science Ltd v Persons Unknown (unreported) (“Ion Science Ltd”) observed that a crypto asset is situated in the place where the person or company who owns it is domiciled, which justified the English Court’s jurisdiction in that case.
In the Singapore High Court decision of CLM v CLN [2022] SGHC 46 (“CLM v CLN”), the Court took jurisdiction over a dispute involving, among others, a victim who was a US national and exchanges in the Cayman Islands and Seychelles, on the basis that the exchanges had business operations in Singapore and had complied with disclosure orders, and that other parties had subsidiaries in Singapore and were likely to comply with future disclosure orders. This is despite the fact that Singapore had nothing to do with where the crime or hack took place, where the cryptocurrencies are ‘located’ (which would be the USA, adopting the decision in Ion Science Ltd) or where the hackers may be physically located. Conflicting guidance from different courts isn’t ideal, but it demonstrates the difficulty of applying typical jurisdictional metrics to the multi-jurisdictional and borderless world of cryptocurrencies.
The Intelligence
It is critical to uncover whether the fraudster has diverted assets to a cryptocurrency exchange in order to ultimately cash out the stolen cryptocurrency as fiat currency. Even though transactions on the blockchain are cross-border, anonymous and irreversible, every transaction is recorded transparently on the blockchain. It is therefore possible to trace and map out how a victim’s digital assets have been transferred on the blockchain. Tracing is not only a technical exercise but also a legal one, with the victim first having to establish a proprietary claim over the stolen assets, for example to justify the imposition of a constructive trust over them. Time is of the essence: the sooner a victim takes steps to investigate, map out the flow of cryptocurrencies and obtain interim relief, the greater the victim’s chances of successfully recovering the stolen assets.
The Pincer Attack
Once the assets have been traced to an exchange (or other third parties involved in the illicit transaction), the next stage involves applications for disclosure orders such as the Norwich Pharmacal and/or Bankers Trust orders. These orders obtain disclosure critical to the victim’s exercise to trace the flow of the stolen assets, such as the names of individuals connected to the stolen assets, by leveraging AML and KYC information held by exchanges.
The Nuclear Bomb
Disclosure orders help to identify the movement of stolen assets and, where possible, the perpetrators behind them. This lays the groundwork for one of law’s most lethal weapons: the freezing injunction. Often likened to a nuclear weapon, the freezing injunction, while a personal remedy against the perpetrator, effectively prevents assets from moving, whether in the hands of the fraudster or third parties holding assets on behalf of the fraudster. The need to freeze even before identifying the perpetrator has created a new genre of freezing injunctions against ‘persons unknown’ at an interim stage. In CLM v CLN the Court observed that ‘persons unknown’ must be described with sufficient certainty to identify both those who are included, and those who are not, with the Court accepting the definition of “any person or entity who carried out, participated in, or assisted in the theft of the Stolen Cryptocurrency Assets, save for entities involved in the provision of cryptocurrency hosting or trading facilities in the ordinary course of business.”
Armed with the nuclear weapon, a victim would need to serve the injunction on parties that may be connected to the stolen assets. In theory, this would apply to exchanges as well who may at one point become a “persons unknown” if the stolen assets eventually resurface onto third party exchanges that were initially unconnected to the hack, but subsequently have the stolen assets traded on their platform.
Service of court papers on a person that has yet to be identified can itself be conceptually tricky. Courts have begun adopting innovative solutions to the issue of service on unidentified persons holding wallets on the blockchain, with the English High Court in D’Aloia v (1) Persons Unknown (2) Binance Holdings Limited and others [2022] EWHC 1723 (Ch) permitting service by transfer of an NFT on the blockchain to the wallet address belonging to wrongdoers.
The Main Assault
Freezing or proprietary injunctions, however, are only interim measures, and the victim must still obtain final relief against the wrongdoers in Court. This final relief can be in the form of a return of the stolen assets or damages arising out of the breach. In the former category, where a person misappropriates the property of another without consent, a constructive trust arises by operation of law over the stolen assets, as it would be unconscionable for the misappropriating party (i.e. the hacker or fraudster) to assert any beneficial interest in the property or their traceable proceeds. Damages are another form of relief, but this would involve an assessment of the monetary value of the tokens, which may not always be straightforward.
Collateral Targets
Apart from the hackers or fraudsters, victims may also pursue recovery against the owners of the blockchain project involved in the crime, for the platform’s breach of contract and/or negligence or failure to implement proper security measures to prevent a hack from taking place. The victim may also explore recourse against the exchange, banks and/or other third parties involved in the illicit transaction for dishonest assistance, for permitting the transfer and subsequent dissipation of the stolen cryptocurrencies. The primary hurdle to succeeding in such an action would be demonstrating that the parties had knowledge that the illicit transaction concerned assets that have been stolen or misappropriated.
Falling victim to a hack or cryptocurrency scam can be a costly and harrowing affair. Fortunately, however, Courts across the world have begun to fashion pragmatic and robust solutions to tackle the novel issues that arise in the recovery of stolen assets stored on a blockchain.
A well-considered war plan, swift action and collaborative approach with forensic investigators can make all the difference for a successful recovery exercise.
Appendix: Types of Hacks, Scams & Spoofing Attacks
Hacked Blockchain Projects
Rugpulls
Deception / Spoofing attacks