As the market for cryptoassets continues to increase in size and spread, so too have levels of crypto fraud. Between April and September 2021, the UK’s Financial Conduct Authority received 4,300 reports of cryptoasset frauds via its ScamSmart website, making it by far the most reported issue.
Because of the nature of cryptoassets, they can be dissipated in the click of a button and, with no national barriers, unlawfully obtained cryptocurrencies can be difficult to trace. Victims of crypto fraud therefore need quick interim remedies if they are to stand any chance of ultimately recovering their assets. A series of cases in recent years show how existing English law mechanisms can assist victims in the “hot pursuit” of unlawfully obtained cryptoassets by, among other things, granting orders to: secure the assets (or related traceable proceeds); preserve assets of the fraudsters pending enforcement; and discover the true identity of the fraudsters so that an effective remedy can be sought against them.
Preventing the dissipation of assets
In seeking to secure the unlawfully obtained cryptoassets (or related traceable proceeds) and / or any assets of the fraudsters, victims of cryptoasset fraud may be able to obtain proprietary injunctions or freezing orders.
A proprietary injunction operates to freeze particular assets (in these cases, the unlawfully obtained cryptoassets) over which the claimant believes it has a proprietary interest. Since the decision in AA v Persons Unknown  EWHC 3556 (Comm), the English courts have accepted that cryptoassets constitute “property” for the purposes of obtaining a proprietary injunction. Proprietary injunctions can be directed towards crypto exchanges, making them a key tool in preventing or limiting the dissipation of unlawfully obtained cryptoassets that have been traced to a certain exchange (albeit there is no requirement to show a risk of dissipation to obtain a proprietary injunction) and also against the alleged fraudsters (see, for example, AA and Danisz v Persons Unknown  EWHC 280 (QB)). However, a key feature of fraud cases is that the identity of the alleged perpetrators is often unknown. There have been a number of cases in the English courts which have recognised that it is possible under English law to issue claims and obtain injunctions against persons unknown, with the critical feature being that the description used must be sufficiently certain as to those who are included and those who are not. For example, in Fetch.ai Ltd and another v Persons Unknown Category A and others  EWHC 2254 (Comm), when faced with applications for proprietary relief against persons unknown by a victim of alleged crypto fraud, the judge divided the persons unknown into three categories: “those who were involved in the fraud''; ''those who have received assets … without having paid the full price for them''; and ''innocent receivers''. In order to avoid innocent receivers being in breach of the order, the court limited the scope of proprietary relief available in respect of them to assets that they “either knew, or ought reasonably to have known, belong to the claimant or did not belong to them”.
To obtain a proprietary injunction, the claimant has to identify the specific property in question, and demonstrate that, in line with the American Cyanamid principles:
- there is a serious issue to be tried on the merits; and
- the balance of convenience is in favour of the granting of an injunction.
The balance of convenience involves consideration of the efficacy of damages as an adequate remedy, the adequacy of the cross-undertaking as to damages, and the merits of the proposed claim.
Of course, proprietary injunctions will not be available in all cases of cryptoasset fraud – the English courts have declined to grant such injunctions in circumstances where the claimant could not show that they had a proprietary interest over the property in question (see, for example in Wang v Darby  EWHC 3054 (Comm), where the parties had entered into a contract to “swap” certain cryptocurrencies, but the nature of the contract precluded the formation of a trust and therefore a proprietary interest over the cryptocurrency) or where damages are likely to be an adequate remedy (see, for example, Toma and another v Murray  EWHC 2295 (Ch), where the court found that the claim was essentially for the value of the bitcoin which was capable of being satisfied in monetary terms given that the defendant was identified and owned a sizeable unencumbered asset).
A freezing order is wider than a proprietary injunction and prevents the defendants from disposing of or dealing with not only the stolen cryptoassets but some or all of their other assets. In general, to be granted a freezing order, the claimant must show a cause of action with a good arguable case, the existence of assets to which a freezing injunction could apply, and a real risk that the (often unknown) defendant would seek to dissipate or hide those assets in a bid to defeat enforcement action.
Given the draconian nature of these orders, they are typically made against the fraudsters, rather than the exchange holding the cryptocurrency at issue (as the English court did in Ion Science Ltd v Persons Unknown and others (unreported), 21 December 2020 (Commercial Court)). In light of that, in a departure from the usual rules, in cases of alleged crypto fraud the English courts have consistently held that freezing injunctions can also be granted against persons unknown, even though that means that the claimant cannot typically show that any assets would necessarily be caught by the order (see, for example, Ion Science Ltd, Fetch.ai Ltd and Danisz).
Victims of crypto fraud may need the court’s assistance to obtain the necessary information to enable them to both trace the stolen assets or proceeds thereof and identify those against whom a substantive claim can be brought (which can be particularly helpful if the assets themselves cannot be traced). This may include payment-related information about account holders of the end-wallet to which any of the unlawfully obtained cryptossets have been stolen from or to which they have been traced, and the entities best placed to provide this information are typically the exchanges.
Such information can be obtained using Norwich Pharmacal Orders and/or Bankers Trust Orders, both of which are forms of disclosure orders made under the English courts’ equitable jurisdiction – however, unlike third-party disclosure orders, they can provide for the respondent to provide both documents and information. A Norwich Pharmacal Order is typically sought where a party knows that wrongdoing has taken place against it but does not know the identity of the wrongdoer, yet can identify a third party who has this information. It can also be used to obtain information to enable a party to plead its case against the wrongdoer, to trace assets or to bring proprietary claims. A Bankers Trust Order is very similar; however, it is made against financial institutions.
A key distinction between the two types of order is whether they can be granted against entities out of the jurisdiction. The English courts have expressed some doubt as to whether a Norwich Pharmacal Order can be made against entities out of the jurisdiction, but have been prepared to make Bankers Trust Orders in such circumstances. While, in Fetch.ai, the judge expressed some scepticism as to whether such a distinction between Norwich Pharmacal Orders and Bankers Trust Orders could be maintained, he made a Bankers Trust Order against the crypto exchange’s Cayman Island entity and a Norwich Pharmacal Order against its UK entity. In Danisz and Ion Science Ltd, the English courts made only Bankers Trust Orders against the relevant exchanges, each of which was located out of the jurisdiction.
Other useful procedural mechanisms
Many cryptoasset exchanges are located out of the jurisdiction, and given the nature of cryptoassets this may well also be the case for the fraudsters. In light of those obstacles, the English courts have frequently been willing to permit service out of the jurisdiction and service by alternative means (such as by email). The fact that damage was sustained within the jurisdiction served as justification for the granting of the former (see, for example, Danisz), while the lack of information about where the defendant may be served coupled with the high risk of speedy dissipation of assets provided justification for the granting of the latter (see, for example, AA).
The English courts have also been willing to allow for hearings to be held in private and in anonymity, recognising that publicity may defeat the object of such hearings within the meaning of CPR 39.2(3) due to the risk that it could ‘tip off’ the fraudsters, enabling them to dissipate the stolen cryptoassets and potentially even take retaliatory action against the claimant. The English courts have also restricted access to court files for similar reasons (see, for example, AA).
The law in this area is rapidly developing with a significant number of initiatives underway that may impact the way in which cryptoassets are treated under English law and also facilitate the resolution of disputes concerning cryptoassets. These initiatives include:
- the Law Commission’s project to make recommendations for reform which may enable digital assets to be recognised as “possessable” – in their latest update (on 24 November 2021), the Law Commission confirmed that the scope of the project had been expanded to consider both competing claims in relation to digital assets and how legal remedies or actions can protect digital assets;
- the UK Jurisdiction Taskforce’s Digital Dispute Resolution Rules which aim to facilitate quick and cost-effective means of resolving commercial disputes involving smart contracts and digital assets; and
- any recommendations from the sub-committee of the Civil Rules Procedure Committee that has been set up to look at amending or expanding the grounds on which proceedings can be served out of the jurisdiction, which would provide stronger support for claimants to trace cryptocurrency assets located overseas.
As the law continues to develop in this area, we can also expect to see claimants put forward novel arguments when seeking to recover any unlawfully obtained cryptoassets. One such example is Tulip Trading Ltd v Bitcoin Association for BSV and others  EWHC 667 (Ch), in which the claimant (an alleged victim of cryptoasset fraud) argued – albeit unsuccessfully in this case – that developers of blockchain software owe users of cryptocurrency a fiduciary duty of care, and must therefore take reasonable steps to protect their customers, including holding the developers responsible for re-establishing access to digital assets and reversing known frauds. The judge did, however, recognise that software developers may be under other duties in other circumstances, for example, not to take reasonable care not to cause harm to the interests of users when making software changes.