Digital asset recovery beyond borders – new hope for victims of cyber-fraud

In this article, Ludo Lugnani and Sophie Warner examine a recent case in which the High Court ordered six cryptocurrency exchanges based outside the UK to hand over customer details to a rival operator to track $10.7 million in stolen funds.

What happened?

In LMN v Bitflyer Holdings Inc & Ors [2022] EWHC 2954 (Comm) the High Court ordered six cryptocurrency exchanges, all based outside the UK, to hand over customer details to a rival operator to help it track $10.7 million in stolen funds.

The application was made on behalf of an anonymous UK-based cryptocurrency exchange that lost millions in digital assets in a breach in 2020. The orders, detailed below, were made against exchanges Binance, Bitflyer, Payward, Luno PTE, Coinbase Global and Huobi Global.

The exchange managed to trace $1.7 million of the assets to 26 accounts, all of which were owned or operated by one of the six exchanges in question. The funds were in digital currencies including Bitcoin, Ripple, Tether and Ethereum.

What did the Court order and why?

The exchanges were ordered to provide the names of the account holders, all “Know Your Customer” information and other documents and information about the accounts, such as bank account and payment card details, email and residential addresses, phone numbers and bank statements. Mr Justice Butcher understood the importance of securing this information quickly in order to prevent further movement of the stolen funds, stating that “steps should be taken before the scent goes colder”.

The Court ordered the disclosure even though the exchanges are not based in Britain. This decision follows a recent update to the Civil Procedure Rules, which give claimants greater access to information if the main proceedings have been brought in England and Wales, or will be — known as the disclosure gateway.

This is particularly significant as the claimants struggled to identify the correct legal entity that might hold the information. Depending on jurisdiction, the company which operates any given cryptocurrency exchange is often different, and this complicates matters for prospective claimants in knowing who to bring a claim against. The High Court said it would be

‘impractical and contrary to the interests of justice to require a victim of fraud to make speculative applications in different jurisdictions to seek to locate the relevant exchange company and then to seek disclosure’.

What does this mean for the future?

The case comes after figures from Action Fraud, the UK government’s national reporting centre for fraud and cyber-crime, reported that the amount lost to crypto fraud rose by 32% in the past year alone. Last year, $6.2 billion of cryptocurrency was stolen, according to blockchain research group Chainalysis, up 80% from 2020.

Developments regarding disclosure in disputes mean that victims of cyber-fraud and theft can feel confident that information which may be the key to them recovering their lost assets will be preserved and disclosed to them in a timely manner, before the assets are moved further and become untraceable. The development of the new gateway for third party information claims has simplified the process that victims must follow to obtain information from international organisations, such as crypto-exchanges, that might assist them in bringing an action to recover their lost digital assets. It is clear that courts will not hesitate to order the disclosure of such material, or indeed additional information which might identify the fraudsters, to facilitate tracing and recovery of lost assets, especially when time is of the essence.

This case is an important step forward for those who are trying to recover assets that have been taken fraudulently and moved across borders, a feature which might otherwise muddy the waters for prospective claimants seeking to recover their stolen assets. However, following the collapse of exchange FTX, more experienced cryptocurrency users have shifted to so-called Decentralised Exchanges (DEX) which, unlike Centralised Exchanges, are not controlled and managed by a central entity who captures their data on sign up. Further developments may be required in law to grant more powers to parties to regain assets lost in crypto frauds.

To find out how our team could help you, please visit our webpage or subscribe to our Tech+ newsletter.