+44 (0)20 7148 7800
LinkedIn
Twitter
Email
PrintBy Sam Roberts a Partner and Solicitor Advocate at CYK.
With crypto litigation in England and Wales having first kicked off in earnest in 2019, this article takes a quick tour through the key legal developments and pauses to consider some of the questions that remain unanswered.
1. How much can you trust the blockchain?
Unquestionably, the bread and butter of crypto litigation in this jurisdiction has been asset-tracing following frauds and thefts on owners. With the assistance of the ‘persons unknown’ freezing and proprietary injunction (spearheaded in 2017 by the non-crypto case, CMOC Sales & Marketing Ltd v Persons Unknown)[1], and the public nature of most blockchains, crypto asset-tracing is a successful cottage industry with an established pool of knowledgeable and skilled practitioners.
The past several years have seen the principle and procedure deployed in CMOC applied and extended in different ways. Towards the end of 2019, injunctions were awarded in both AA v Persons Unknown[2], and Robertson v Persons Unknown[3]. Although the former involved the recovery of a ransomware payment and the latter involved a phishing attack, in both cases the claimants were able to follow the stolen crypto along public blockchains to cryptocurrency exchanges. A similar approach was taken in a string of subsequent cases, such as Ion Science v Persons Unknown[4] in 2020, Fetch.ai v Persons Unknown[5] in 2021, D’Aloia v Persons Unknown[6] in 2022, and Osbourne v Persons Unknown[7] in 2023.
However, it soon became clear that public blockchains offer only a partial window into what is really going on. In the 2023 decision Piroozzadeh v Persons Unknown[8], the claimant traced stolen Tether into the exchange Binance. In an interim hearing, Binance opposed an order that had been made against it at an earlier hearing to freeze the traceable proceeds of the stolen Tether, and in doing so gave revealing evidence about how that exchange (and, it is to be presumed, other exchanges) work behind the scenes. Binance explained that although its customers can deposit tokens in dedicated addresses connected with the platform, tokens are ‘swept’ by the exchange into pooled addresses. The customer retains no property interest in the deposited token; instead, the customer is credited with the value of the deposit in an internal ledger maintained by the exchange.
What this means is that Binance – and other exchanges – are black boxes. When a user on the platform wants to make a withdrawal, the exchange will dip into its reserves (held across a multitude of addresses), make the transfer to the user’s nominated destination address, and debit the user’s balance on an internal ledger. There is not necessarily – and probably will not be – any linkage at all between the deposited token and the withdrawal. This means that it is impossible to trace through an exchange without the exchange itself opening up its books and revealing to the claimant the details of the onward transactions which represent the debiting of the fraudster’s account.
This problem was underlined in the 2024 trial in the D’Aloia[9] case, where Mr D’Aloia thought he had traced some of his stolen cryptocurrency to the Thai exchange, Bitkub. In cases such as these the Court is heavily reliant on the parties’ independent expert to establish that transfers between addresses represent the traceable proceeds of a fraud. This job is considerably more complicated (and potentially impossible) where the addresses in question already contain positive balances and other transfers to other addresses, or receive funds from other sources midway through the dissipation of the originally received funds. As was revealed in D’Aloia, tracing software does not necessarily tell the software operator what assumptions it is making, and different software used by the same party produced different results. But it is not just a question of software: human operators make interpretative decisions and assumptions, too, and those must be consistent, logical and explicable. In D’Aloia, the decisions were none of those things, with the consequence that the victim was unable to prove that any of his stolen USDT had ended up at Bitkub.
The job of tracing is also made more complicated by the fact that crypto transactions (represented by single blocks on the blockchain) can have both multiple outputs, and multiple inputs. This is a concept completely alien to tracing bank transactions where a single payment can only go from and to one place. Is it even possible to apply the ‘first in, first out’ rule to a block with multiple inputs and multiple outputs? All transactions in a single block are added to the blockchain – and therefore take place – simultaneously. No single transfer is first, whether in or out. Whether a stolen token has gone to one output address, multiple addresses, or all of them in proportion, is entirely unclear.
Other issues emerge, too. Crypto businesses can be stacked inside each other, like an endless string of Russian dolls. Exchange A opens a user account at exchange B, and is allocated its own deposit address by exchange B. Exchange A’s users deposit tokens with A at the address allocated by B. When a user of exchange A asks to make a withdrawal, A instructs B to debit A’s account by transferring tokens nominated by A’s user. This presents problems for asset-tracers because disclosure given by exchange B tells the victim no more than that A is running a sub-exchange, and the victim then has to start all over again with exchange A.
Add to this the legal complications that it is impossible to tell where many exchanges are located, and whether they must or will comply with an English Court Order, and the problems really start to stack up. In the 2023 case Scenna v Persons Unknown[10] (which involved stolen money rather than crypto), the Court denied the claimant disclosure orders against Australian and Hong Kong banks on the basis that the banks would not have to comply with foreign court orders and that other remedies were locally available in those jurisdictions. This decision – if correct – ought to have made a dent in the established practice of seeking disclosure against overseas crypto exchanges in England, but does not appear to have done. One unsatisfactory aspect of the decision, which appears to have gone largely unexplored, is the extent to which other remedies really were locally available in Australia. In England, it is well established that a standalone Norwich Pharmacal application cannot be brought in support of foreign proceedings[11]. While a standalone disclosure order can be sought under s. 25 of the Civil Jurisdiction and Judgments Act 1982 and CPR r. 25.1.1(g) in support of foreign proceedings, I have direct experience of the English court being unwilling to grant that relief because it might trample on the ratio in Ramilos Trading (even where the application was unopposed by the respondent institution). If the same approach were taken in Australia, the claimant might find out that relief was not available in Australia after all, which would negate one of the key reasons for refusing the relief in England. It therefore risks doing rough justice to the claimant for the English court to accept that relief is available overseas simply because the defendant says it would consent to it.
2. Who is Satoshi?
The years 2020 to 2024 were dominated by a slew of claims involving Craig Wright, largely but not entirely as claimant, but all predicated on the underlying conceit that he invented the bitcoin system (and therefore held various IP rights connected with it).
The TL;DR version of the Craig Wright saga is that on 14 March 2024, he was exposed in a stinging finding by Mr Justice Mellor, following a lengthy trial, as having lied repeatedly about his identity and oeuvre.
But it is easy to forget, standing in the comfort of 2025, what a vortex the Craig Wright litigation storm was. Lives were crushed and very substantial sums of money were spent with very serious London law firms. Mellor J recently summarised the various claims linked to this issue in a judgment explaining why he had granted a General Civil Restraint Order against Wright (after he breached the injunction granted by Mellor J at the end of the identity trial), and it is a long list[12]:
- Wright’s separate defamation claims against Peter McCormack, Vitalik Buterin, Roger Ver, Adam Back and Marcus Granath.
- Copyright infringement claim against Cøbra, the anonymous operator of bitcoin.org.
- Crypto Open Patent Alliance’s claim against Wright for negative declarations and injunctive relief.
- Wright’s claim against a group of “Bitcoin Core” developers in respect of various IP rights.
- Wright’s separate claim against Kraken and Coinbase for IP infringement.
Wright sought permission from the Court of Appeal to appeal Mellor J’s judgment, and permission was refused. That is therefore the end of the line in this jurisdiction.
While much money, sweat and ink were spilt reaching the (really quite obvious) conclusion that Wright was not and never has been Satoshi, no positive ground (or even progress) was made on establishing who he or she (or they?) was or were.
My own theory[13] – that Satoshi travelled back in time to give us the gift of distributed ledger technology – was not cited to Mellor J and, as far as I’m aware, has not gained significant market traction.
3. Do developers owe owners duties to crypto owners?
Remarkably, the above summary is not a comprehensive list of all the cases in the Craig Wright stable.
Around the same time that the slew of Satoshi-related cases was getting underway, Wright – under a corporate alter ego, Tulip Trading Ltd – began asserting that it was the true owner of some 110,000 bitcoin in two addresses held in an off-exchange wallet, the passphrase to which was held on Wright’s home computer network. It was alleged that, sadly, an unidentified hacker gained access to Wright’s network, made off with the passphrase and deleted Wright’s copy. Tulip Trading, it was said, as the victim of theft, was owed fiduciary and tortious duties by groups of developers which it said were responsible for maintaining the node software which processed transactions on 4 different bitcoin-derived blockchains (Bitcoin Core, Bitcoin ABC, eCash and Bitcoin SV). These duties obliged these developers to patch the software to restore Tulip’s access to the inaccessible bitcoin.
The claim against the Bitcoin SV developer settled early, with the relevant developer defendant agreeing to patch its software. However, BSV is Wright’s ‘pet’ version of bitcoin, and the claim against that defendant was widely believed by the other developer defendants to be a Trojan horse – a proof of concept masquerading as a settlement between arms’ length parties. The remaining defendants opposed both Tulip’s claim to ownership, and also the idea that, because they could write software, they must write that software.
The Tulip Trading case was to proceed to a split trial. Had the claim not been discontinued following Wright’s loss in the Satoshi claims, Mellor J would have gone on first to consider whether Tulip was the genuine owner of the bitcoin in question. Because the claims to ownership were fantastic and incredible (as in, quite literally not credible) in reality the Court would never have gone on to consider the much more interesting question of what, if any, duties are owed by developers in circumstances of loss or theft.
With thousands of different blockchains in existence, and the degree of control over blockchain software ranging from fully amorphous to tight and centralised, there is a very interesting debate – or debates – to be had over the extent to which “can” means “must”, and even if it does, whether node operators would run the patched software such that it would even have the desired effect.
4. Is pulling an FTX always bad?
Sam Bankman-Fried was sentenced to 25 years in prison for fraud, conspiracy and money laundering. He was described by erstwhile White House communications director/podcast host Anthony Scaramucci as “the Bernie Madoff of crypto”. That epithet is certainly consistent with – or at least resonant with – how he seems to have gone down.
But it’s worth taking a closer look at SBF and the downfall of FTX because one revisionist view of his deeds is that, while lying about what he did was bad, perhaps what he actually did was not all that bad.
In 2022, I began a project to scrutinise the small print of various crypto exchanges, and in doing so happened to download FTX’s terms and conditions before the exchange went insolvent and all of that interesting information got pulled from the website.
The copy of FTX’s terms provided that “Title to your Digital Assets shall at all times remain with you and shall not transfer to FTX Trading… None of the Digital Assets in your Account are the property of or shall or may be loaned to, FTX Trading”.
The problem was, of course, that FTX diverted deposits from customers to its pet prop trading firm, Alameida Research, and couldn’t satisfy customer withdrawal requests when – independently – industry publication CoinDesk questioned the accuracy of Alameida’s balance sheet.
This is of course not a full account of everything SBF was put on trial or convicted for. It does however address one of the biggest criticisms against FTX and SBF – that they “stole” or “embezzled” customer funds.
Unlike in the banking industry, there is not a single, sector-wide approach governing the relationship between exchanges and their customers. A customer depositing their crypto with FTX under those terms was justifiably entitled to expect that FTX would not deploy it as if it were its own. However, plenty of other exchanges tackle the problem differently, and provide that – as with a bank – deposited crypto is loaned to the exchange for the exchange then to do with as it pleases. The exchange then runs and manages its own insolvency risk. A crucial distinction between an exchange and a bank in this scenario is that the exchange is broadly unregulated, has no capital adequacy obligations, and there is no compensation scheme for creditor customers of a collapsed exchange.
However, it is easy to foresee a situation in which an exchange collapses amidst high demand for withdrawals, is found to have been trading with deposited tokens on its own account, but contractually has done nothing wrong.
5. If an unregulated market is abused, is it still market abuse?
Although less prevalent in this jurisdiction, there are many reported instances of behaviour in the crypto sector that could – in a regulated financial market – put the person behind it in prison.
Perhaps the most widespread is promotion of crypto assets by influencers and celebrities. Famously, celebrities like Kim Kardashian, Tom Brady and Larry David have all been sued for their roles in promoting various coins or businesses. One of the only crypto behaviours that is currently regulated in England and Wales is the promotion of crypto assets, and it is clear that unless (a) a firm is authorised by the FCA, (b) the firm is registered with the FCA under the Money Laundering Regulations, (c) the promotion is approved by another person with the appropriate authorisation, or (d) an exemption applies, the transaction can be set aside, and the promoter can be sued in the civil courts, and face fines and prison time.
So, victims of a crypto pump and dump scheme, or a rug-pull, may well have a statutory remedy. This type of scheme involves the aggressive promotion of a particular crypto token, inflating its public price. Early buyers wait until the market is buoyant before selling, resulting in the token price crashing and owners being significantly out of pocket. Unless the promoter of the token falls within the FCA’s rules on financial promotions, the consequences could be very serious for the promoter.
But other aspects of the FCA’s regulatory perimeter do not yet apply to crypto markets, and would-be claimants must find another cause of action to bring a claim. An obvious starting point would be market manipulation. There are many ways that a crypto market could be abused. For instance, ICOs are equivalent to IPOs for shares. With founders often receiving a large share of the new token, there is ample prospect for profiting from insider trading – particularly combined with a listing on a major exchange, which should result in a price bump. Similarly, new token launches rely on liquidity pools to manage supply and demand and keep prices from either spiking or collapsing. The opportunity for front-running is significant.
Market abuse in England is governed by the Market Abuse Regulation. The regulation does not (yet) apply to spot crypto markets (albeit it does apply to crypto derivatives linked to a fiat currency). Even if it did, however, the (admittedly provisional) view of the courts has so far been that the regulation does not give victims of market abuse a private cause of action against the wrongdoer.
Instead, it seems that a victim would have to rely on the miscellany of causes of action under English law to pin liability on the manipulator. That might involve implying terms into a contract if there is a contract, or deploying one or more economic torts such as conspiracy, or perhaps even claims based on the misuse of confidential information.
6. Is there any future for consumer arbitration in crypto disputes?
Arbitration clauses in crypto exchange terms and conditions are not uncommon, and there are good reasons why exchanges like them: a series of bespoke and speedy rules, privacy and ease of enforceability all align nicely with a sector bent on disrupting the traditional way of doing things. They can also effectively prevent a group action, or massed series of identical claims, by disentitling claimants to consolidation.
However, two key decisions in this jurisdiction seriously undermine the utility of including these sorts of dispute resolution mechanisms in exchange terms.
In Payward, Inc & Ors v Chechetkin[14], the well-known exchange Kraken sought to enforce in England an award it had obtained under a JAMS arbitration in California against Mr Chechetkin, a lawyer and non-professional crypto trader. Following some failed trades placed on the Kraken platform, Mr Chechetkin lost over £600,000. He said, however, that the trades were in violation of the general prohibition under the Financial Services and Markets Act 2000 in that they amounted to dealing in or arranging deals in investments, at a time when Kraken did not have the necessary authorisation. Mr Chechetkin claimed he was entitled to full reimbursement. In response, Kraken commenced the JAMS arbitration seeking and obtaining an award prohibiting Mr Chechetkin from pursuing his FSMA claim in English litigation.
There are very limited grounds on which an arbitration award will not be enforced in England. One of those few grounds, and the one relied on by Mr Chechetkin, was that it would be contrary to public policy, specifically because the arbitration clause offended his consumer rights because it was unfair. Following Ang v Reliantco Investments Ltd[15], one thing that is clear about consumers is that it does not matter how well a person trades or in what sorts of volumes, if they have a primary trade or profession, they are a consumer. Mr Chechetkin undoubtedly was.
The court had no trouble concluding that the enforcement of the award was contrary to public policy, for four reasons – the most interesting of which are that the reasonable consumer in Mr Chechetkin’s shoes would not have agreed to a JAMS arbitration in California subject to US legislation; and that it would have deprived Mr Chechetkin of the chance to pursue his FSMA claim.
The decision in Chechetkin followed a similar decision, Soleymani v Nifty Gateway LLC[16], albeit that decision only concerned a stay of proceedings in favour of the arbitration commenced by Nifty Gateway in New York, rather than a refusal to enforce an award. In that sense, the decision is less dramatic. However, in another sense it is more dramatic, because Mr Soleymani was a man of means and the argument that no-one in his position would have chosen arbitration carries less weight. It was, however, still successful.
In light of these decisions, perhaps the best way to look at clauses which nominate an overseas seat and foreign substantive law, is that they are very much at risk of getting the platform nowhere if it would put a consumer in tactically worse position than they would have been in without the clause.
True enough, not all exchange customers are consumers, and depending on the situation a faster, cheaper (and rougher?) form of justice might appeal to some consumers. However, binding arbitral awards in disputes between exchanges and UK-based customers may be the exception rather than the rule.
A Bonus 7th Question – Is it really property?
Anyone who has spent any serious amount of time in my company and has broached the topic of crypto will know that the debate around whether crypto (or any of it) is really property is a particular bugbear of mine.
Like a government PPE contract mid-Covid, a lot of the discussion seems to have been rushed through with very little time spent looking at the other side of the argument. The word “rivalrous” is now bandied about by practitioners like they have been using it their entire lives, rather than first reading it in 2022.
Bar the odd academic article, to my knowledge, no-one has taken the other side of the argument in court[17]. Following the UK Jurisdiction Taskforce Legal statement on cryptoassets and smart contracts in November 2019, there were a slew of undefended injunctions cases against Persons Unknown, each building on the last and each only needing to convince the judge hearing the application that there was a good arguable case that the stolen token was property and injunctable. I recently attended a talk where one of the speakers stated that judgments from that sort of hearing are insufficiently authoritative when it comes to the law on the service gateways; so why should the position be any different on this important question?
This then culminated in the Law Commission’s Final Report on digital assets, the bold (and very much overstated) opening gambit of which was that “Digital assets are fundamental to modern society and the contemporary economy” – hardly a position which suggested that minds were open to alternatives. It then went on to propose legislation to make certain something of which everyone was apparently already certain.
To be clear, it is not that I’m convinced that crypto is not or is never property, and more that the sector is in a “9 out of 10 doctors agree” scenario – or at least one where not all things that look, walk and sound like ducks are ducks.
In a world where things move increasingly quickly, it is worth reflecting on whether a more methodical, less political approach might be called for. The law of unintended consequences is not a manmade law but a truistic observation on the unknowability of the future.
Some readers might quite fairly observe that this ship has already sailed and that everyone agreeing on something is a rare enough treat in the world of disputes that we should grasp the moment and not get distracted. So here is a potential unintended consequence of this conclusion.
Crypto, if property, is something that can be owned off-exchange, in a hot or cold wallet. No other legal person need be involved in the relationship between owner and token. If the system is working normally, the token can be sent elsewhere by the good offices of those running the node software. But what happens if the system is not working normally? What happens if those running the node software decide they don’t want to do that anymore, because it’s too power-hungry to be profitable, or for any other reason? What happens if that entire network of people decides never to run the software again, or delete or otherwise take offline every local copy of the distributed ledger? In the former case, the token cannot be sent anywhere, and in the latter the database itself – of which the token represents an entry – ceases to exist.
If a person on the other side of the planet ceases to run software which is intrinsic and instrumental to the existence of a thing claimed by another, has that person interfered with the second person’s property? That would be quite a dramatic conclusion that node operators might be rather shocked to learn. Not even Tulip Trading went so far as to say that the users of the bitcoin node software owed duties to token-owners; it only alleged that the developers of the software did. Could nodes be injuncted from leaving the network, or be sued for damages?
Or was it perhaps not property all along – maybe just a possibility or even likelihood of future value, whatever that means? It is after all difficult to think of another type of property where the inactions of others both (i) can cause it to cease to exist, and (ii) do not give rise to any rights in favour of the owner as a result. The D’Aloia trial judgment contains an interesting discussion about whether “powers” which stop short of rights can be property, but, seen this way, is the ability to transfer even a power? A better way of looking at it might be as an ability which is conditional on the underlying network continuing to exist and function. And put that way, much of the crypto world starts to look like my local parkrun.
Altogether, if something ceases to behave like property at the margins, was it perhaps never property after all, and maybe just walking a good walk and quacking a good quack?
