TSMP Law Corporation
  May 20, 2021 - Singapore

Cryptoassets – From Dark Web to Court Room
  by Forefront by TSMP

As cryptocurrency and digital assets enter mainstream markets, the business world will have to come to grips with the nature of this new asset class.

Silk Road was an Internet black market (known as the Dark Web) notorious for trading contraband, including illicit drugs. These transactions are anonymous, being settled in Bitcoin, a cryptocurrency that bypasses traditional payment modes that allow authorities to identify parties. In 2013, the FBI arrested Silk Road founder Ross Ulbricht and later convicted him of multiple crimes. The FBI also seized Bitcoin assets in Silk Road’s accounts.

Ironically, one “Individual X” had already hacked into and stolen about 70,000 bitcoins from 54 Silk Road accounts in 2012. These bitcoins were traced to one single e-wallet, and languished there for eight years. While the bitcoins’ location was public knowledge, Individual X’s identity remained elusive. In 2020, blockchain analysis firms spotted the bitcoins’ movement to two other addresses that belonged to the US government, specifically the IRS. Obviously, Individual X must have been identified, and compelled to transfer the bitcoins, now worth US$1 billion, to e-wallets controlled by the US government. How Individual X was unmasked remains unknown.

In other darknet lore, in 2016, hackers stole about US$72 million in Bitcoin from HK-based cryptocurrency exchange Bitfinex, owned by iFinex Inc. The bitcoins were pilfered from some of the customer-segregated e-wallets, while other e-wallets remained intact. However, Bitfinex decided to “socialise” the hit and spread the losses among all its customers. Was this fair? Perhaps. But was this legally correct? If bitcoins are considered property, then absent a contract that allowed it to do so, Bitfinex should not have touched the customer accounts unaffected by the hacking.

Taking on cyber criminals – the Court Block

Cryptocurrencies’ anonymity and quick transfer facilitate crime. Miscreants demand this currency as ransom when their malware invades a system to encrypt data, or when they steal confidential information and threaten its owners with public release. Such payments are untraceable to the payee, and able to cross borders in a single click with receipt verifiable in real time. No more bags of unmarked, non-sequential bills.

The anonymity shrouding such transfers poses fresh challenges in legal enforcement. And the Courts have started fighting back.

In the case of AA v Persons Unknown, the plaintiff paid the hacker a ransom in Bitcoin, which was tracked to a Bitfinex exchange-linked e-wallet. The plaintiff sought an injunction against the exchange, simultaneously making a claim against the hacker, even though his identity was unknown. This is a growing trend where plaintiffs seek Court orders against anonymous wrongdoers or “persons unknown”, expecting that if a third party knows the wrongdoer’s identity, that third party may be hesitant to abet or facilitate that wrongdoer’s breach.

A “Spartacus” order sometimes accompanies this action. In PML v Persons Unknown, hackers stole information and demanded ransom in Bitcoin. PML sought a non-disclosure Court order, hoping to deter third parties from releasing the information. It also sought a self-identification order where the blackmailers would be compelled to identify themselves. This may appear superfluous, but blackmailers may eventually be outed, and third parties who know their identities and abet such non-compliance could be in contempt of court.

These stories illustrate how the world of cryptocurrencies challenges the existing legal order. Some fundamental legal issues are likely to arise.

Is cryptocurrency property?

Is Bitcoin property or currency? The answer matters. If my 10 bitcoins are stolen, what can I sue for? If it is currency, then I will generally get 10 bitcoins back, whether their value has gone up or down. But if my 10 bitcoins are property, and if they have devalued by the judgment date, I can ask for the bitcoins’ value as of the theft date in fiat currency.

The law traditionally recognises two types of property rights: assets you possess and own, and rights you can enforce. But Bitcoin is neither: you do not own Bitcoin; rather you have a “private key”, digital information that allows you to deal in Bitcoin. And, like currency, Bitcoin is a store of value, but unlike cash, no third-party intermediary exists, like a bank against which you can enforce your property interest.

Courts in Singapore, England and New Zealand have, for now, accepted that Bitcoin is property, but the issue is still being debated in the United States and European Union. And the answer may well rest in the specific cryptocurrency’s precise characteristics, and the rules of the system within which it operates. That would mean that not all cryptocurrencies would be treated the same in the Courts and these characteristics may well determine the outcomes of future disputes.

Can a cryptocurrency be held on trust?

If cryptocurrency is property, then it should be capable of being held in trust.

This was the issue faced by the New Zealand Court in Ruscoe v Cryptopia. Cryptopia was an exchange that held various cryptocurrencies on behalf of accountholders traded on their platform. It held all the private keys and carried out transactions on behalf of accountholders, and recorded these trades in an internal ledger, not on the blockchain. In January 2019, hackers stole NZ$30 million worth of cryptocurrencies, sending Cryptopia into liquidation.

Accountholders squared off against the unsecured creditors. If the cryptocurrencies were held on trust for the accountholders, then almost everything would go to them, and the unsecured creditors would recover far less. If they were not held on trust, then Cryptopia’s assets (mostly cryptocurrencies), would be shared pari passu between accountholders and creditors. The Court held that the cryptocurrencies were property, and capable of being held on trust.

However, in other cases, Courts have deemed an exchange’s cryptocurrencies not to be held on trust – the Singapore case of B2C2 v Quinone being one.

Can you trace and identify wrongdoers?

Small amounts of cash are generally untraceable. Even cash held in bank accounts enjoy some degree of confidentiality, while Court-ordered disclosure may still require months to trace what took hours to transfer. Blockchain, by design, allows transactions to be conducted anonymously. However, this feature does not necessarily make it harder to trace the movement of cryptocurrencies that were stolen, or paid in ransom.

With cryptocurrency, as long as transactions were made on the blockchain, how it moved to the last block in the chain is publicly recorded. Authorities may know where it is; they may not know who it belongs to. And if the cryptocurrency is not held on an exchange, it remains untouchable.

In 2018, US$32 million was stolen from UK cryptocurrency exchange Dooga (then known as Cubits). The Bitcoin was eventually traced to two US crypto-exchange-held e-wallets, and Dooga’s liquidators successfully obtained a Court order to seize the assets. This episode probably provides the key to traceability, where Bitcoin is traded through one or more exchanges. Laws increasingly require that exchanges be licensed and adhere to KYC standards. While peer-to-peer anonymity will still exist, this space will shrink as transactions are increasingly facilitated through the intermediary of an exchange.

The apparent anonymity of crypto-assets is just that – apparent. At best, blockchain transactions confer a veil of pseudo-anonymity, which can increasingly be pierced using data analytics and forensic techniques. Attempts to obfuscate blockchain transactions through transaction aggregation are being countered by more sophisticated tracing tools. However, new cryptocurrencies such as Dash, Menero or Zcash are more privacy-oriented and harder to trace. The battle between criminals and the police, scamming and its countermeasures, is a never-ending story whose latest chapter is being written on the blockchain.

Can wrongful Bitcoin transactions be reversed?

In disputes involving the wrongful transfer of shares, land or other chattels, it is possible as a matter of law to reverse the transfer. A Court can order the rectification of a share register or land titles register as the remedy or to resolve a dispute.

But can the Court change the blockchain? The point of the blockchain is that it is immutable. To change it, over half of the users (or nodes) must agree. Once the cryptocurrency is stolen, practically no way exists to get it back unless the thief voluntarily (or involuntarily by legal sanction) transfers it back.

The law may lack teeth, but one community has successfully reversed such a theft. This concerned the hack on the Decentralised Autonomous Organisation where millions of dollars in ether were stolen.

The Ethereum community voted almost unanimously in favour to roll back the transactions to the point before the hack, thereby unwinding the theft and restoring the stolen ether to its owners. But the reversal, even if it helped the victims, was the antithesis of what some considered blockchain’s core benefit: its immutability and decentralisation. So not everyone agreed to the reversal, which resulted in a “hard fork” in the cryptocurrency, effectively splitting it into two. There are now two blockchains, one representing the restored Ethereum blockchain after the hard fork, and one representing the Ethereum blockchain that was hacked. The unreversed chain was renamed “Ethereum classic” while the hard forked ether remained Ethereum.

Can you get an effective freezing injunction over cryptocurrencies?

If cryptocurrencies are property, then they can properly be the subject matter of a proprietary freezing injunction.

But will the freezing injunction be effective against the wrongdoer? Even with a “persons unknown” injunction, there is no one to enforce it against, and the wrongdoer can ignore the order. The hope is that if there is a freezing injunction, third parties will be chary of breaching a Court order. This can work if the wrongdoer needs to convert the cryptocurrency it extorted into another cryptocurrency or fiat currency, which is normally performed through an exchange. Freezing injunctions can be served on these exchanges, many of which have express policies to cooperate with the authorities and comply with Court orders.

In Singapore, Section 4 of the Administration of Justice Act 2016 makes it a contempt of Court if someone causes or abets the breach (even if not a party to an action), with the intention of causing such breach.

A bigger legal minefield ahead

These legal issues are just the tip of the iceberg. Many questions remain, like which Court has jurisdiction over a dispute where the transaction took place is unclear. Or how one takes security over cryptocurrency. And how crypto-assets should be valued, which may be significant to determine if a company is solvent, especially where directors could face charges of insolvent trading.

Cryptocurrency has been treated with distrust by governments and traditional financial institutions, because it helps to facilitate illegal activity. But it has hit the mainstream, with carmaker Tesla investing more than US$1 billion in Bitcoin and announcing that it is planning to accept the cryptocurrency as payment for its electric vehicles. And legal issues around cryptocurrency’s nature and the rights attached to it will abound. Maybe Bitcoin will turn out to be a bubble or ether will vanish into thin air as governments roll out their own versions of digital currency. But so long as criminals remain, a market for untraceable transfers of funds will flourish. The gaping holes in the law will have to be addressed, by lawyers who jump in – to mine the gap.