Crypto / NFT fraud and theft: will the new gateway 25 assist?
In our two-part article last year, we explored what to do if your cryptocurrency or NFT is stolen.
In the first part, we set out some strategies that can be put in place to reduce the chances of falling victim to fraud. In the second part, we looked at the options for enforcement where fraud and theft had already occurred, noting in particular the requirement to act as quickly as possible. We highlighted the need to determine who proceedings can be brought against and on what basis and the difficulties that can arise where the defendant is outside of this jurisdiction. This is significant in cases involving cryptocurrency or NFTs as the potential defendant or the party with relevant information will often be in another jurisdiction. This update deals with the new gateway 25 in Practice Direction 6B.3.1 of the Civil Procedure Rules (“Gateway 25”), which came into force on 1 October 2022 and allows information orders to be served out of the jurisdiction. Will this help in cases of cryptocurrency or NFT fraud?
Identifying the wallet holder
A common difficulty in cryptocurrency or NFT fraud cases is identifying the person who has the asset now. This is because of the nature of digital assets and the anonymity associated with them. A lot of people choose to invest in cryptocurrency or NFTs precisely because it is more anonymous (and therefore private) than traditional assets and crypto wallets are only identified by a number so even if the assets can be followed and traced, that would not identify the owner. This can be problematic, as in order to issue a claim to recover the asset, the identity of the owner is required.
A party can obtain information about a wrongdoer by applying to the court for either a Norwich Pharmacal Order or a Bankers Trust Order, which are both orders that require third parties (so not the wrongdoer itself) to provide information and / or documents about the wrongdoer. These were both covered in part 2 of our article. The difficulty has been that as a matter of policy, the English Courts have not wanted to make disclosure orders against third parties outside of the jurisdiction. Instead, the remedy is for the aggrieved party to go to the local courts in those jurisdictions to apply for the orders they require, if those jurisdictions have the same relief.
However, there have been a number of cases where the English courts have been willing to assist victims of fraud by granting information orders against parties outside of the jurisdiction in claims involving cryptocurrencies and NFTs. Claimants have issued a claim against persons unknown, together with an application for permission to serve out of the jurisdiction and an application for a Bankers Trust Order to obtain information. However, these cases have mainly been decided ex parte, have produced conflicting decisions and cannot be relied upon in other cases. The new Gateway 25 is intended to address some of the difficulties.
Gateway 25 creates a new jurisdictional gateway for service out of the jurisdiction. It provides as follows:-
(25) A claim or application is made for disclosure in order to obtain information-
(i) the true identity of a defendant or a potential defendant; and / or;
(ii) what has become of property of a claimant or applicant; and
(b) the claim or application is made for the purpose of proceedings already commenced or which, subject to the content of the information received, are intended to be commenced either by service in England and Wales or pursuant to CPR Rule 6.32, 6,33 or 6.36.
The wording of the gateway makes clear that it will apply to both pre-action applications and those issued after proceedings have commenced and it can be made against non-parties to the proceedings. This will be really useful in cases of cryptocurrency and NFT fraud where a potential claimant is seeking to identify the holder of a wallet that their asset has been transferred into. Crypto exchanges hold KYC information for the people who use their service and therefore, could provide information that would help identify the true identity of a potential defendant.
It is important to note that there will be no automatic order made. Parties will still have to show that the requirements for service out of the jurisdiction are all met, including that there is a serious issue to be determined on the merits, a good arguable case and that England is the appropriate forum for the case. However, there seems no doubt that the gateway will make it easier to obtain an order for information in cryptocurrency and NFT fraud cases
LMN v Bitflyer Holdings Inc and others  EWHC 2954
Gateway 25 has now been applied by the Court in a case involving cryptocurrency where the court granted information orders.
The basic facts of the case are that the claimant company, incorporated in England and Wales, operates a cryptocurrency exchange. Hackers had obtained access to its systems and transferred millions of dollars’ worth of cryptocurrency from it. The claimant sought help from a number of UK Regulatory and law enforcement agencies for three months, after which those agencies said they could provide no further assistance and recommended civil proceedings. The claimant then instructed an expert to seek to trace the cryptocurrency which had been transferred. It was traced into an exchange address and the claimant said it was impossible to trace further without information from the exchanges about the individuals behind the transactions.
The claimant applied to the court for permission to serve out of the jurisdiction and to serve by alternative means and for information orders. In relation to service out, the Court had to look at whether there was a serious issue to be tried on the merits, whether there was a good arguable case that the claim fell within one of the gateways and whether England and Wales is the appropriate forum for the claim to be tried.
On the merits, the Court concluded that the claimant has a good arguable case that whoever holds the cryptocurrency or traceable substitutes does so as a constructive trustee. Under the Bankers Trust jurisdiction, the Court concluded that there is a good arguable case that cryptocurrencies are a form of property and that when property is obtained by fraud, equity imposes a constructive tryst on the fraudulent recipient and the property is recoverable and traceable in equity.
The second issue was whether there is a good arguable case as to the availability of a gateway for service out. The information being sought in this case was:-
In respect of any customer accounts which the relevant target cryptocurrency were allocated to or received on behalf of:
1.1.1. The name the account is held in;
1.1.2 All know your customer information and documents in respect of the accounts;
1.1.3 Any other information and documents held in relation to the account which might or does identify the holder of the account, including but not limited to bank account and payment card details, email addresses, residential addresses, phone numbers, bank statements, correspondence and documents provided on account opening or verification.
1.2 To the best of the relevant defendant’s ability;
1.2.1 an explanation as to what has become of the relevant Target Cryptocurrency;
1.2.2 Insofar as the relevant Target Cryptocurrency has been transferred to any other accounts, the details of the onward accounts set out in paragraph 1.1 above.
The Court held that the information sought falls within the terms of (a)(i) and (a)(ii) of Gateway 25. The court also noted that as to (b), the claimant’s stated intention is that, should the information obtained reveal a potential cause of action defendants in the jurisdiction, it will commence proceedings against them.
The Court held that England is the proper forum on the basis that the claimant is an English company, the relevant documents are located in England and the situs of the cryptocurrency is England.
The court accepted that in order to allow service by alternative means, there needs to be exceptional or special circumstances, which it took to mean a factor which provides a sufficiently good reason to allow it. The Court was satisfied that there was a good reason afforded by the nature of the claim and the need for steps to be taken as soon as possible and before the scent goes cold. The Court allowed service at a number of specified email addresses and in one case, by posting a link to the documents on the online contact form on the relevant defendant’s website.
It seems likely that Gateway 25 will make it easier for claimants to obtain orders requiring third parties to provide information. Whether this is of any practical benefit will still depend on whether the third party respondents, who will be outside of England and Wales and the Court’s jurisdiction, will be willing to comply with orders made by a foreign court. The English courts cannot force them to comply.