Rahman Ravelli
Rahman Ravelli Solicitors Logo
Switchboard: +44 (0)203 947 1539

About Us Expertise PEOPLE International Legal Articles News Events Contact Us toggle button for phone toggle button for search

Cryptocurrency: Theft and Asset Recovery

Author: Syedur Rahman  16 September 2020
5 min read

Syedur Rahman of Rahman Ravelli assesses the benefits of civil remedies available to help locate and recover cryptoassets when they have been misappropriated by a hack, fraud or other criminal wrongdoing.

As with any other asset, cryptoassets can be stolen.

To take an example of such theft, Ethereum Classic suffered three 51% attacks in August 2020. These attacks resulted in millions of dollars' worth of its cryptocurrency - an asset referred to as ETC - being double spent. In another attack, the perpetrator moved more than 807,000 ETC from an unspecified crypto exchange to several wallets, including their own wallet address, via private transactions.

At this point, it is appropriate to explain some key terms:

  • Ethereum Classic is a distributed network consisting of a blockchain ledger, its native cryptocurrency (ETC) and an ecosystem of on-chain applications and services. It was launched in July 2016.
  • The blockchain is an unalterable record of data that is time-stamped and then distributed and managed by a series of computers not owned by a single entity. Each of these ‘blocks’ of data is secured and attached to one another using cryptographic principles. The blockchain cryptography means that records of transactions cannot be tampered with. Once a transaction is recorded, it cannot be deleted or removed.
  • A 51% attack refers to an attack on a blockchain when the attacker manages to take control of the majority of the network's hash rate; which is the measuring unit of the processing power of the network. In the case above, it was Ethereum Classic. This attack can cause disruption to the network by enabling the attacker to reorganise or rewrite transactions.

While such terms may be bewildering to those unfamiliar with the intricacies of cryptoassets, it is important to remember that when such assets are stolen they can be regained. But speed is often a vital consideration in relation to cryptoasset recovery, as perpetrators of the wrongdoing are likely to move the assets quickly.

With criminal investigations and the law enforcement process often proving very slow and attacks of this nature evidently becoming more commonplace, it is worth anyone who has lost such assets considering the civil remedies available to them. Such remedies are often more efficient and effective at identifying and seizing back assets than relying on law enforcement agencies.

Civil Remedies

The civil courts have a wide range of remedies at their disposal to deal with the recovery of assets.   

These include:

  • Disclosure orders to order the production of information to assist in the identification of the perpetrators; such as a Norwich Pharmacal order or a Bankers Trust order.
  • Freezing injunctions, which can be granted to hold and retain cryptoassets.

There is a popular myth that cryptocurrency is entirely anonymous and that victims cannot recover their money once it has been taken because the person committing the fraud or the hack is unknown. In fact, cryptoassets are pseudonymous – people will be operating under false names. But various ID addresses can be de-anonymised because owners are normally registered on the blockchain, such as with Ethereum Classic, or with exchanges. It is possible to link that registration to an identity. 

An application for a Norwich Pharmacal order or a Bankers Trust order can, therefore, be made in the High Court to order an exchange to produce information to assist in the identification of the perpetrators. At the same time, freezing injunctions can be granted to order the exchange to retain the cryptoassets.     

Cryptoassets and the Definition of Property

Cryptocurrencies do not fall within the traditional definitions of personal property according to English law, being neither ‘choses in possession’ (as virtual and intangible goods) nor ‘choses in action’ (embodying any right capable of being enforced).

However, on 18 November 2019, the UK’s Taskforce’s Legal Statement concluded that cryptoassets are to be treated, in principle, as property from a legal standpoint by aligning with the indicia of property, as established by Lord Wilberforce’s four principles of property in National Provincial Bank v Ainsworth: being definable, identifiable by third parties, capable by their nature of assumption by third parties, and having some degree of permanence. Ultimately, the Legal Statement classified cryptoassets as being “another, third, kind of property”.

AA v Persons Unknown

This interpretation, while not a statement of law, was considered by Bryan J in the cyber fraud case of AA v Persons Unknown, which sets out the relevant legal test for interim injunctions in relation to cryptoassets.

This case involved a Canadian insurance company (the company) that had its system hacked and malware installed. The company received a demand for payment of Bitcoin, in exchange for the decryption tool, and an address was provided to where payment could be made. The company contacted its own insurer (the insurer), which instructed an agent to deal with the wrongdoers. The agent negotiated the ransom payment down. An amount of Bitcoin was then transferred to the wrongdoers and the decryption tool was provided.

Once the company’s systems had been restored, the insurer then sought to recover the Bitcoin that had been paid for the decryption tool. The insurer instructed a specialised blockchain investigator to trace the cryptoassets. He identified that some of the Bitcoin was held in an account with the exchange Bitfinex. Some of the Bitcoin had already been transferred to fiat currency (a government-issued currency that isn't backed by a commodity such as gold).

With this information, the insurer then applied to the English High Court for:

  • A hearing to be held in private.
  • A Norwich Pharmacal order and/or a Bankers Trust order to identify the recipients (which was ultimately adjourned following the Bryan J’s comments on serving out of the jurisdiction and risk of dissipation).
  • As primary relief, a proprietary interim injunction to prevent the dissipation of the Bitcoin.

On the applications sought, Bryan J considered the UK Taskforce’s interpretation as commentary to the proprietary status of cryptocurrencies and, therefore, concluded that Bitcoin in this case was a form of property, capable of being the subject of a proprietary inunction.

The question then was should the proprietary injunction be granted. In considering this, Bryan J set out the following test:

  • Is there a serious issue to be tried?
  • Does the balance of convenience lie in granting the relief applied for? Specifically:
    1. the consideration of the efficacy of damages as an adequate remedy;
    2. the adequacy of the cross-undertakings to damages; and
    3. (the overall balance of convenience including the merits of the proposed claim.

On the facts, both limbs were satisfied, and Bryan J granted the without notice interim proprietary injunction against Bitinex and other persons unknown in relation to the BTC.

Toma v Murray

In the more recent case of Toma v Murray, however, the English High Court refused to continue an interim injunction that restrained the defendant from dealing with Bitcoin held in a coin depot account, over which the claimants had previously asserted a proprietary right.

In determining the application, the court referred to the test set out in AA v Persons Unknown. But in this case the court was not persuaded that the balance of convenience lay with the claimants. The court considered that this case was essentially a claim for the value of the Bitcoin, which is capable of being satisfied in monetary terms.

It is interesting to note the divergence in the court's approach in this case - where the identity of the defendant was known - from that taken by the court in AA v Persons Unknown, where the identity was not known. There is clearly a strong indication that the civil courts rather than criminal courts will provide claimants with greater scope for protecting their assets in cases where the identity of a potential fraudster is not known.


In criminal trials in England, the prosecution has to prove guilt “beyond reasonable doubt”.  However, the standard of proof in civil fraud claims is the same as in all other civil claims: on the balance of probabilities. This means the claimant must show that it is more likely than not that the defendant committed a fraud, which is much less burdensome than the need to prove it beyond reasonable doubt. Claimants, therefore, are more likely to be successful if they take the civil law route.

It is important, therefore, to remember that criminal proceedings and the involvement of law enforcement agencies are not the only options open to those who have had their cryptoassets misappropriated in some way. The civil remedies which can be deployed can often prove to be more effective and efficient at tracing and locating the cryptoassets. While tracing and recovery is by no means an easy task, with the right legal team and investigators the victims of a hack – such as those carried out against Ethereum Classic - can seek to recover their assets in the civil courts.

Syedur Rahman C 09551

Syedur Rahman


+44 (0)203 910 4566 vCard

Download Profile PDF

View Profile

Syedur Rahman is known for his in-depth experience of serious fraud, white-collar crime and serious crime cases, as well as his expertise in worldwide asset tracing and recovery, international arbitration, civil recovery, cryptocurrency and high-stakes commercial disputes.

Share this page on