In October 2019, anonymous hackers infiltrated a Canadian insurance company and installed BitPaymer malicious software that encrypted the company’s computer and IT systems. The hackers demanded $ 1.2 million in bitcoin (BTC) ransom for the decryption software the company needed to regain access to its systems.
The British insurance company, known only as AA, agreed to pay ransom in bitcoin, and the company’s systems went back to work within a few days. Meanwhile, AA has begun the process of looking for legal ways to get back the BTC hackers got. He reached out to the blockchain investigation firm Chainalysis, whose investigation revealed that 96 of 109.25 BTC had been transferred to a wallet linked to the Bitfinex exchange.
So far, this story is (unfortunately) nothing out of the ordinary. Bitcoin accounts for the vast majority of ransoms because of its anonymity, affordable prices (making it easier to pay ransoms to victims) and its ability to verify transactions (so that criminals can verify after a payment is made). What is unusual about this story, however, is that it sparked a 14-month legal battle between AA and Bitfinex, which ended quite recently after AA dropped the lawsuit against Bitfinex in the UK Supreme Court.
After tracking down the stolen BTC on the Bitfinex platform – and the hackers’ identities are still unknown – AA filed a lawsuit against Bitfinex in December 2019. Again, this is not uncommon: British courts have a wide range of remedies available. help victims of fraud in an attempt to recover their assets. In situations where banks, stock exchanges or other intermediaries may inadvertently obtain or hold illegal or stolen assets, victims of fraud may rely on:
Norwich Pharmacal Orders, which require a third party to provide certain information to the applicant who will assist with the recovery work. In this context, the information will represent the identity of the owner of the wallet for which BTC is tracked and / or details of other BTC-related transactions since the receipt of the exchanged wallet.
Freeze orders that prevent accused fraudsters from handling their belongings until further notice. An exchange that has been notified of a freeze order associated with a customer should take steps to freeze the account to prevent the customer from withdrawing and wasting assets.
When it can be proven that a third party owns the plaintiff’s false property, monopoly orders can be obtained to prevent a third party from handling the property in question. Requests related to a disclosure order are often of the Norwich Pharmacal type described above.
Cryptocurrency as property in the UK
UK courts are well aware of past remedies when involving bank accounts and fiat currencies. More recently, courts have tried to determine how these principles should be applied to cryptocurrencies. However, it is clear that the courts are willing to apply legal principles in a flexible way to ensure that these remedies are available to victims trying to recover stolen cryptocurrencies.
In AA, Judge Simon Bryan ruled for the first time that Bitcoin could be classified as real estate under British law, which meant he could issue an injunction against the property. This seems intuitive, but traditionally the law has viewed property as something that can be in a material sense or imposed on the right to sue. The cryptocurrency clearly does not meet any of the requirements, but the courts have taken a pragmatic approach to ensure that new intangible assets such as cryptocurrency are considered real estate.
This flexible approach meant that A.A. was able to obtain detention compensation. Bitfinex duly froze the account and gave AA the identity of the customer who owned the stolen BTC wallet.
As it turns out, BTC was returned before AA’s lawyers contacted Bitfinex and cannot be returned. AA reached a confidential settlement with a Bitfinex client (also a defendant in AA’s claim) and then turned its attention to Bitfinex for further compensation. The insurer has filed several lawsuits against Bitfinex, including a claim that Oslo Børs received BTC (or tracked income) when it was AA-owned. Thus, AA announced that it was necessary to secure legitimate credit by making Bitfinex liable to AA for BTC. It was also said that Bitfinex was ruthless if BTC was legally transferred to the correct wallet.