Recovering ransom bitcoins sent to exchanges – Bitcoin Magazine

This is an opinion editorial by Matthew Green and Brian Mondoh, contributors for Bitcoin Magazine.

Despite all the cryptocurrencies available, including bytecoin, monero and zcash, which were built for anonymity, ransomware attackers continue to demand bitcoin, and some reports show that darknet markets are fueled by bitcoin transactions (see pages 54 and 109 of the Chainalysis 2023 Crypto Crime Report). Apparently, bitcoin remains one of the most valuable assets for criminals using blockchain technology given its relative stability, price, and relevance.

Similarly, in many cases where other cryptocurrencies have been stolen, obfuscated, or paid in a scam, the funds are transferred to bitcoin and then converted to fiat. In August 2021, Liquid Exchange announced that 67 different ERC-20 tokens, along with large amounts of ether and bitcoin, had been moved by a party working on behalf of the Democratic People’s Republic of Korea. The attacker swapped numerous tokens, including ERC-20 tokens, for ether and then bitcoin before cashing out. As a result, approximately $91.35 million was laundered. Similar transfers were made during the Spartan Protocol hack in May 2021, where the attacker was able to steal around $30 million from the project.

While large-scale attacks worth hundreds of millions of dollars are investigated by government agencies designed to combat criminal activity, similar values of bitcoin are taken from people and businesses every day. There are now systems in place that allow individuals, including corporations, to trace their assets (and income) and use the court system to recover them.

This approach has been practiced regularly in the English court system and is on the increase in other common law jurisdictions, which rely on precedent to reunite victims with their funds. Below is a summary of the legal and practical journey of how this came about.

When Bitcoin Became Property

In England, before December 2019, the question of whether cryptocurrencies were property under the law was still undetermined. Common law dictates that property is either something possessable or something enforced by action (like a debt), and the law had difficulty categorizing bitcoin in this way. A “legal statement on crypto assets and smart contracts” prepared by the UK Jurisdiction Taskforce (UKJT) only a month earlier noted that “crypto-assets have every indicia of ownership,” the first sign of bitcoin being recognized as property.

The matter was finally considered in court in December 2019 (see: AA v Persons Unknown & Ors, Re Bitcoin). A Canadian hospital was the victim of a malware attack; a ransom was demanded in bitcoin and paid by its London insurer. The ransom payment led to the recovery of the hospital’s data and access to its systems. However, the insurer sought to trace and recover this ransom, given that the flow of transactions could be seen on the blockchain. The insurer then commissioned a blockchain analytics firm to help trace the ransom proceeds, which ended up at Bitfinex, an exchange registered in the British Virgin Islands.

Knowing this, the insurer then applied to the High Court of England for an interim injunction to freeze the funds, for an order freezing the worldwide assets of the people who controlled the deposit address at Bitfinex, and for disclosure orders. It’s worth noting that the identity of the person controlling the relevant address was not known, so more information was needed before the insurer could proceed.

In order to obtain these remedies, the court had to determine whether bitcoin was property, and the judge noted in the judgment that “I am satisfied, for the purposes of granting an interim injunction in the form of an interim exclusive injunction, that crypto-currencies are a form of property liable to be subject to an asset injunction”.

As a result, bitcoin and cryptocurrencies in general could be treated as property like any other asset, and (theoretically) be frozen, transferred, and dealt with like other property such as a car, a house, or fiat currency.

Why is this important?

The “AA v Persons Unknown” case saw the first exclusive injunction on bitcoin. This means that the paid bitcoin (or its traceable product, in this case the funds found at Bitfinex) was frozen and made subject to the decision of the English High Court. The insurer now had its bitcoin locked down. The insurer’s request therefore resulted in the freezing of these funds, disclosure of the identity of the person who controlled the deposit address (including the know-your-customer documents held by Bitfinex), and a worldwide injunction freezing that person’s assets.

There was now a precedent for tracing, freezing and recovering bitcoin, available to individuals who could go to court to exercise their rights as victims of fraud. It is important to note that the objective is to trace and pursue the funds, not necessarily the party who committed the fraud in the first place, although the owner of the deposit address and the original criminals are usually related, as blockchain analysis, open-source intelligence or law enforcement can show. It is always worth informing the authorities of any crime that has been committed in any event.

There are now a host of cases in England, the United States and Singapore where bitcoin and other cryptocurrencies have been frozen to aid recovery, including the enforcement of third-party debt orders, which compel an exchange to transfer funds from an address to the victim.

Challenges to consider

Despite an increasing number of recoveries, certain obstacles need to be considered.

First, there are business considerations, like how much has been lost and whether it’s worth instructing investigators and attorneys. Experts are not always cheap, and if the amount lost is nominal, it may not be worth suing. Second, which jurisdiction is relevant? Taking England as an example, if the victim is domiciled there, if the fraudster has a connection there or if the fraud occurred in England, the English courts will generally have jurisdiction to consider these cases. Without one of these connections, the victim may have to pursue their case in another, more relevant territory.

Next, look at the tracing report, which shows the flow of funds from when they left the victim or the affected account to where they are now. Consider where the funds went, whether they have reached an exchange at this point (live tracing is usually available), and if so, which exchange. From experience, and again using England as an example, exchanges want to be seen to be doing the right thing in complying with English court orders, and the risk of breaching them and the resulting negative press is an important factor. In this regard, applications against these exchanges are necessary to get the key information from them, and it is important to determine which exchange to pursue.

Once the assets are frozen, the next steps depend on who controls the address holding the funds. They may want a quick deal, may not respond at all, or may want to take legal action, although generally those connected with criminal activity do not want their business immortalized in court documents.

In the event that the court agrees that the assets belong to the victims and orders that they be transferred, the victims must consider enforcement, i.e. how they recover their funds. Third-party debt orders require exchanges to transfer assets, but when this is not available, other tactics come into play and vary depending on the circumstances. The targets may be individuals who have been identified as other address holders, alleged executives of the fraudulent business or otherwise, and insolvency proceedings may be brought against them, particularly where conspiracy and joint and several liability are available. However, settlement, based on their response, is still preferable for all parties involved.

Recoveries in different areas

While stories of decentralized exchange hacks worth hundreds of millions of dollars make the headlines, it should not be forgotten that for victims of romance scams, insurers paying ransoms, victims of scams in general and parties to insolvency proceedings involving digital funds, there are ways to investigate and recover bitcoin and other blockchain-based assets.

It is important to note that where victims can come together to create an appropriate group for a class action, litigation funding may be available and the cost of the process shared. It can also lead to massive recovery, helping those who have only lost a little.

In addition, insurers, who continue to pay bitcoin ransoms on behalf of their customers, may be able to recoup those ransoms and break the payment cycle that fuels the ransomware industry. Insurers can become the solution, respecting their contract with their client and depriving criminals of their ransom.

There are endless applications for recovery, including bitcoin where applicable, and as common law precedents continue to multiply, best practices will continue to develop. The UK continues to recognize the value of fast and effective remedies in asset recovery, and on 22 April 2021 the UKJT published the ‘Digital Dispute Resolution Rules’, which aim to facilitate the rapid and cost-effective resolution of business disputes involving digital and blockchain assets. In summary, the UK takes litigation involving blockchain seriously, and the inherent flexibility of common law jurisdictions continues to focus on assisting victims and recovering ill-gotten gains.

This is a guest post by Matthew Green and Brian Mondoh. The opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.