Swift Action And Preparation Are Keys To Catching Crypto Hackers

September 1, 2021
Crypto hackers can move digital assets quickly and anonymously, but a recent Bitcoin hack shows how a U.S. crypto exchange can smooth the way towards better enforcement.

Crypto hackers can move digital assets quickly and anonymously, but a recent Bitcoin hack shows how a U.S. crypto exchange can smooth the way towards better enforcement.

In June and early July, unknown people carried out a “block-withholding” attack on the Bitcoin Satoshi Vision (BSV) network by reorganizing its blocks. As part of the attack, they released a chain of competing blocks that re-wrote the blocks of the correct chain and resulted in malicious double-spending of fake BSV tokens.

The attack affected GBM Global Holding, a company based in the Cayman Islands that runs a cryptocurrency exchange that trades BSV tokens. The exchange froze 92 accounts it identified as affected by the hack and also discovered eight crypto exchanges where the hackers had transferred some of the cryptocurrency to.

GBM took a series of prudent steps in handling the attack, aided in part by certain steps it had taken before the incident occurred, Celeste Koeleveld, partner at Clifford Chance, told VIXIO.

First of all, there is an indication that the company contacted the FBI to try to trace the assets and they have also taken legal action by filing a civil case at a federal court in New York, she explained.

In order to catch the assets and prevent them from being further transferred, they made a petition for a temporary restraining order and a preliminary injunction.

In an August 23 order, the New York District Court granted a temporary restraining order and preliminary injunction against the unidentified hackers.

To obtain such an order and relief, the plaintiff must show that it would suffer irreparable harm absent the relief, a likelihood of success on the merits, and that the balance of harms favors the petitioner, that is, that the petitioner would suffer greater harm than the defendants absent the emergency relief, Koeleveld continued.

The company filed the temporary restraining order ex parte, which means that it asked the court to grant the order without waiting for a response from the other side.

In addition, the court authorized GBM to serve the defendants by email, Koeleveld noted.

GBM reasoned that the defendants were based in China and the court could grant an alternative method of service in the case of international defendants. They also argued that the crypto exchange’s user agreement, to which the defendants consented when signing up for the platform, allows electronic service because it contains an explicit provision consenting to electronic receipt of all communications related to the accounts, which can be read to include electronic service.

“Typically, this is not an accepted means of service, by email, but the court permitted it under these circumstances, as this is the only contact information they have for these particular defendants,” Koeleveld said.

Despite the fact that GBM is a Cayman Islands company and the defendants are located in China, GBM filed suit in New York. GBM alleged that the hackers injected themselves into New York by allegedly engaging in two fraudulent transactions with two New York users of GBM's cryptocurrency exchange and by transferring cryptocurrency to other exchanges serving New York customers with the intent to sell them.

Plaintiffs also focused on U.S. contacts generally, including that the hacked BSV network is heavily centered in the U.S. and that at least 43 U.S. users were defrauded. The collection of those allegations was enough for the court to conclude that it could exercise jurisdiction at this stage, Anthony Candido, partner at Clifford Chance, explained.

It is also important to note that the petition was filed in aid of arbitration, to which the hackers also consented as part of the user agreement.

“Sometimes it is, ironically, easier to enforce an arbitration award from the United States than it is a U.S. judgment because there are a number of treaties that govern the recognition of arbitration awards,” Candido added.

The court has now banned the hackers from selling or transferring the fraudulent tokens and ordered the identified exchanges to keep the accounts frozen.

Following the freeze, there will be presumably an arbitration to affect meaningful relief, Candido said.

After that, he explained, the exchange can take the arbitration award to enforce in any U.S. jurisdiction where there is an exchange that still holds the relevant tokens. Then, the award can be recognized by a court in that jurisdiction and the tokens can be seized as a way of enforcing the judgment.

While quickness was a key to freeze the digital assets, the fact that GBM incorporated in its user agreement provisions for arbitration and service by email in advance was also essential to obtain an injunction.

Although anonymity is a main stumbling block for courts as they attempt to enforce the law against crypto criminals, UK courts also have legal arrangements to help them trace stolen assets, which they use willingly, as reported.

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

Opt in to hear about webinars, events, industry and product news

To find out more about Vixio, contact us today
No items found.