{"id":229747,"date":"2021-04-18T14:12:00","date_gmt":"2021-04-18T11:12:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/the-perils-of-suing-crypto-exchanges-after-ransomware-attacks\/"},"modified":"2021-04-18T14:12:00","modified_gmt":"2021-04-18T11:12:00","slug":"the-perils-of-suing-crypto-exchanges-after-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/the-perils-of-suing-crypto-exchanges-after-ransomware-attacks\/","title":{"rendered":"# The perils of suing crypto exchanges after ransomware attacks"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2581730d870\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2581730d870\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/the-perils-of-suing-crypto-exchanges-after-ransomware-attacks\/#Cryptocurrency_as_property_in_the_UK\" >Cryptocurrency as property in the U.K.<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/the-perils-of-suing-crypto-exchanges-after-ransomware-attacks\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<p>&#8220;<strong># The perils of suing crypto exchanges after ransomware attacks <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDQvZjlhMjAwZTYtNmJlNS00YmJmLWE3NzItN2U3ZjlmMmQzYWIwLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a136f3a>In October 2019, unknown hackers <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/hardfork\/2020\/01\/28\/uks-high-court-orders-crypto-exchange-bitfinex-to-dox-recipients-of-860k-in-bitcoin\/\">infiltrated<\/a> a Canadian insurance company by installing the malware BitPaymer, which encrypted the firm\u2019s data and IT systems. The hackers demanded a ransom of $1.2 million be paid in Bitcoin (BTC) in return for the decryption software needed for the firm to regain access to its systems.\u00a0<\/p>\n<p>The firm\u2019s United Kingdom-based insurer \u2014 known only as AA \u2014 arranged to pay the BTC ransom, and the firm\u2019s systems were back up and running within a few days. Meanwhile, AA started the process of seeking legal avenues to recover the BTC obtained by the hackers. It engaged the blockchain investigations firm Chainalysis, whose investigations <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.mayerbrown.com\/en\/perspectives-events\/publications\/2020\/02\/english-high-court-recognises-bitcoin-as-property--a-look-at-the-decision-in-aa-v-persons-unknown\">revealed<\/a> that 96 of the 109.25 BTC paid had been transferred to a wallet linked to the Bitfinex exchange.<\/p>\n<p>So far, this story is (unfortunately) far from unusual. Bitcoin <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.marsh.com\/us\/insights\/research\/ransomware-paying-cyber-extortion-demands-in-cryptocurrency.html#:~:text=Bitcoin%20accounts%20for%20approximately%2098,for%20cyber%20incident%20response%20planning\">accounts for<\/a> the vast majority of ransomware payments due to its anonymity, accessibility (making it easier for victims to pay the ransom) and verifiability of transactions (allowing criminals to confirm once payment has been made). What <em>is<\/em> unusual about this story, however, is that it <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bailii.org\/ew\/cases\/EWHC\/Comm\/2019\/3556.html\">sparked<\/a> a 14-month-long legal battle between AA and Bitfinex, one that only recently concluded after AA <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.cryptonomist.ch\/2021\/02\/03\/bitfinex-lawsuit-against-insurer\/\">discontinued<\/a> its claim against Bitfinex in the U.K. High Court.<\/p>\n<p>Having traced the stolen BTC to Bitfinex\u2019s platform \u2014 and with the identity of the hackers still unknown \u2014 AA started its litigation against Bitfinex in December 2019. Again, this is not unusual: U.K. courts have a wide range of remedies at their disposal to assist victims of fraud in trying to recover their assets. In instances where banks, exchanges or other inter<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>ries may find themselves unknowingly receiving or holding mis<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ropriated or stolen assets, victims of fraud have been able to rely on:<\/p>\n<ul>\n<li>Norwich Pharmacal orders, which require a third party to disclose certain information to the applicant that will assist in recovery efforts. In this context, the information would be the identity of the wallet holder to which the BTC was traced, and\/or details of any other transactions involving the BTC since receipt by the wallet linked with the exchange.<\/li>\n<\/ul>\n<ul>\n<li>Freezing orders that prevent defendant fraudsters from dealing with any of their assets until further notice. An exchange notified of a freezing order relating to a client must take steps to freeze the account to prevent the client from withdrawing and dissipating assets.<\/li>\n<\/ul>\n<ul>\n<li>Where it can be established that the third party holds property that belongs to the fraud claimant, proprietary injunctions can be obtained to prevent the third party from dealing with that particular property. Linked orders are often made to require the subject of a proprietary injunction to disclose information of the Norwich Pharmacal-kind explained above.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Cryptocurrency_as_property_in_the_UK\"><\/span>Cryptocurrency as property in the U.K.<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The U.K. courts are very familiar with the preceding remedies when involving bank accounts and fiat currency. More recently, the courts have been grappling with how these principles apply to cryptocurrency. However, it is clear that the courts are willing to flexibly apply legal principles, to ensure that these remedies are available to victims trying to recover stolen crypto assets. <\/p>\n<p>In the AA case, Justice Simon Bryan determined \u2014 for the first time \u2014 that Bitcoin could be <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.finance-disputes.co.uk\/2020\/02\/english-court-confirms-that-cryptoassets-are-property\/\">classified<\/a> as property under British law, meaning that he could grant a proprietary injunction in relation to that property. This seems obvious, but traditionally the law has seen property as something that could either be possessed in a tangible sense or be enforced by a right to sue. Cryptocurrency obviously does not meet either requirement, but the courts have taken a pragmatic approach to ensure that novel intangible assets, like cryptocurrency, are considered property.<\/p>\n<p>This flexible approach meant that AA was able to obtain injunctive relief. Bitfinex duly froze the account and provided AA with information about the identity of the customer who owned the wallet with the stolen BTC.<\/p>\n<p>As it turned out though, the BTC had been transferred again before Bitfinex was contacted by AA\u2019s lawyers, and could not be returned. AA reached a confidential settlement with Bitfinex\u2019s customer (also a defendant to AA\u2019s claim) and then turned its sights on Bitfinex, in an attempt to receive additional compensation. The insurer raised a number of legal claims against Bitfinex, including the assertion that the exchange received the BTC (or its traceable proceeds) when it was property belonging to AA. As such, AA declared that a legal trust should be imposed, holding Bitfinex accountable to AA for the BTC. It was also argued that Bitfinex was reckless with regards to whether the BTC was lawfully transferred into the relevant wallet.<\/p>\n<p>These are difficult arguments to prove, and after Bitfinex sent out its detailed legal defense and response to AA\u2019s claims, AA ultimately decided to abandon its claims against Bitfinex. But this was not quite the end of the story. Usually, when a claimant abandons its case, the default position is that it must pay all of the defendant\u2019s costs. However, AA argued that its cost liability should be reduced by 50%, based upon Bitfinex\u2019s supposedly \u201cunreasonable\u201d conduct. The parties fought this out at a High Court hearing in January, culminating in the court deciding there was no unreasonable conduct that would justify any reduction. AA was therefore ordered to pay 100% of Bitfinex\u2019s legal costs, including the costs of its own unsuccessful application to have those costs reduced.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>It is understandable that victims of fraud \u2014 who may not be able to successfully pursue the actual fraudster \u2014 might be tempted to take on a cryptocurrency exchange with deep pockets, perhaps in the simple hope that they can engineer a modest settlement, and avoid the time and cost of complex legal proceedings. <\/p>\n<p>Cyber insurers like AA might calculate that the cost-benefit associated with those steps would be justified. However, exchanges like Bitfinex will continue to defend themselves robustly, particularly when the legal merits of claims are extremely challenging, and ultimately represent an attempt to drag an innocent exchange into the fallout of a cybercrime it had neither knowledge of nor involvement in.<\/p>\n<p><em>This article was co-authored by <\/em><strong><em>Stephen Elam<\/em><\/strong><em> and <\/em><strong><em>Shelley Drenth<\/em><\/strong><em>.<\/em><\/p>\n<p class=\"post-content__disclaimer\"><em>The views, thoughts and opinions expressed here are the authors\u2019 alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.<\/em><\/p>\n<p class=\"post-content__disclaimer\"><em>This article is for <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a> information purposes and is not intended to be and should not be taken as legal advice.<\/em><\/p>\n<div>\n<div style=\"background: rgb(239, 239, 239); border: 1px solid rgb(204, 204, 204); padding: 10px;\"><strong>Stephen Elam<\/strong> is a partner and <strong>Shelley Drenth<\/strong> is an associate at Cooke, Young &amp; Keidan LLP, a disputes law firm that regularly advises on litigation and regulatory issues, in relation to cryptocurrency.<\/div>\n<\/div>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/the-perils-of-suing-crypto-exchanges-after-ransomware-attacks\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# The perils of suing crypto exchanges after ransomware attacks &#8221; In October 2019, unknown hackers infiltrated a Canadian insurance company by installing the malware BitPaymer, which encrypted the firm\u2019s data and IT systems. The hackers demanded a ransom of $1.2 million be paid in Bitcoin (BTC) in return for the decryption software needed for&#8230;<\/p>\n","protected":false},"author":1,"featured_media":229748,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDQvZjlhMjAwZTYtNmJlNS00YmJmLWE3NzItN2U3ZjlmMmQzYWIwLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74862,74881,74863,74860,55229,62074,70934,4966],"class_list":["post-229747","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-bitcoin","tag-bitfinex","tag-cryptocurrencies","tag-cryptocurrency-exchange","tag-law","tag-ransom","tag-regulation","tag-united-kingdom"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/229747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=229747"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/229747\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/229748"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=229747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=229747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=229747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}