Locating stolen cryptocurrency: how disclosure orders can help

Jan 2023


Singapore Court Permits Claim to Recoup Tether

Amanda Lees, Suraj Sajnani and Sarah Jones look at a recent Singapore Court decision which determined that cryptocurrency is property. Introduction On 25 July 2023, the Singapore High Court handed down its decision in the case of ByBit Fintech Limited v Ho Kai Xin and...

Crisis Management ‘How To’: Don’t Throw Your Hands In The Air!

In our latest post, we turn to crises – and, more importantly, how to manage them. Crises can take a number of forms and by their nature they happen unexpectedly without warning.  Inhouse counsel have an important role in identifying risks in order to prepare for a crisis.  While a crisis is unfolding, inhouse counsel are critical in protecting privilege and providing legal advice in the moment.

In the latest word on cryptocurrency disputes, the English High Court in LMN v Bitflyer Holdings Inc and others granted a disclosure order against six cryptocurrency exchanges for know your client (“KYC”) and location information relating to cryptocurrency that had been siphoned away by hackers.  Again the court has shown it is willing to adapt the law to address the challenges of cryptocurrency and the exchange model, in order to protect the interests of victims of cryptocurrency fraud.

The brief facts

The Claimant is a cryptocurrency exchange incorporated in England.  The Claimant’s modus operandi is similar to the other exchanges from whom it was seeking disclosure: as an exchange, it holds customers’ cryptocurrency in its own wallets, but similar to a conventional bank, it owes a personal obligation to pay each customer an amount equivalent to their deposited cryptocurrency.  Some of the cryptocurrency held by the Claimant was stored on ‘Hot Wallets’, i.e., digital asset wallets connected to the internet.

Two years ago, hackers obtained access to the Claimant’s systems and transferred millions of dollars’ worth of cryptocurrency away from the exchange.  While the Cyber Crime Unit of the Metropolitan Police assisted the Claimant for three months, eventually they suggested that the Claimant consider civil proceedings.  That is how the current disclosure order application came to be.

On-chain but obscure

In the course of the proceedings, the Claimant instructed an expert to trace the transferred cryptocurrency.  Using details of the transactions executed during the hack and tracing tools, the expert was able to track the cryptocurrency on the blockchain.

A number of these chains of transactions ended with Bitcoin or Bitcoin cash been transferred to what the expert identified as ‘exchange addresses’, which are addresses owned and operated by an exchange.  At this point her ability to trace the assets stopped as exchanges often use the same digital wallet for multiple customers.  Transactions between customers on an exchange are often carried out “off chain” as ledger entries in the exchange’s ledger rather than being carried out on the blockchain.  Without the ledger, it is impossible to know who owns the relevant cryptocurrency currently.

In the application, the Claimant argued that it is impossible to trace the cryptocurrency any further without information from the exchanges about the individuals behind the transactions.  The Claimant sought any KYC and anti-money laundering (“AML”) information collected on the individuals from the exchanges.

Given the complicated and sometimes unknown holding structures of cryptocurrency exchanges, the Claimant pursued the various exchanges’ “topco” and then a person unknown representing the actual exchange entity holding the relevant wallet.

A modern approach to jurisdiction

The English court took a pragmatic approach to determining whether it had jurisdiction to make the disclosure orders sought.  Typically, the court would refrain from making such orders if the information sought is located in another country, or if it is asked to make orders against foreign defendants.

Here, the Court emphasised that it faces novel challenges of fraud in relation to cryptocurrency transactions.

When considering the location of the relevant information, the Court stated:

Here, it is not known where the relevant documents are located. While there is clearly a possibility that the documents are in another or other jurisdictions, they may be in this one. Furthermore, it may well be that the location of the documents (which may be electronic) is of little significance.[1]

The Court went on to say that the stringent approach previously adopted in 1985 for disclosure orders in relation to banks may no longer be apt.

The Court considered that requiring an alleged victim of fraud to “make speculative applications in different jurisdictions to seek to locate the relevant exchange company and then to seek disclosure” would be impractical and contrary to the interests of justice.  It would increase costs and delay and reduce the chances of the Claimant locating the proceeds.

In granting permission to serve out of jurisdiction, the court did not consider that the assets had to be in England at the time permission to serve out was sought.  Further, it found that England is the proper place to bring the claim because (i) the Claimant is an English company, (ii) there are good grounds to consider the situs of the cryptocurrency to be England, (iii) relevant documents are in England and (iv) the law of England and Wales arguably governs the proprietary claim.

Broad Scope of Court’s order

The court’s order required that the Defendants provide information in respect of any customer account which received the defrauded cryptocurrency in question, including the name, KYC information and documents and any other information that helps identify the account holder (email addresses, residential addresses, phone numbers, account details, etc).

The court also ordered the Defendants to provide, to the best of their ability: (i) an explanation of what has become of the relevant cryptocurrency, (ii) the balance in the customer account before it received the cryptocurrency and at the time of the Defendant’s response, and (iii) where transfers have been made from that customer account to another, the name and address of the other recipient accountholder.

All the Defendants (except one who did not express any views), indicated that they would comply with an order if made, and assist despite the Claimant’s hurdles in identifying the precise company of the exchange which was responsible.

Private hearing and confidential order, but public judgment

The court made confidentiality orders, directing the Defendants not to inform persons (other than its subsidiaries) of the proceedings, and allowed the first hearing to be held privately to avoid defeating the object of the proceedings by tipping off the fraudsters.

However, for the second hearing (at which the substantive disclosure order was determined), although it was held in private, an anonymised and redacted judgment was made public by the court given the  importance of the judgment in the area of cryptocurrency fraud.

Service by contact form

There must be ‘good reason’ for the court to grant permission to serve by alternative means.  Although it did not consider this case to be one of ‘hot pursuit’, given the considerable time between the fraud and the applications, this did not mean that expedition was no longer important.  As the court noted, “steps should be taken before the scent goes colder”. Accordingly, it made orders for service by alternative means by email and, in one case, by posting a link to the documents on an online contact form on the Defendant’s website.

Key takeaways

This judgment provides yet another example of how quickly the jurisprudence is evolving in the space of cryptocurrency disputes.

Key points that cryptocurrency exchanges, investors, and victims of crypto fraud should be aware of:

  • The court’s modern approach to jurisdiction which allows the court to take a pragmatic approach to determining if it is the right forum in which to bring proceedings. The court will not be restrained by technical arguments regarding the location of electronic documents.
  • The scope of disclosure can be very broad. Exchanges must be prepared to retrieve such information and provide it within limited time.


Amanda leads KWM’s Dispute Resolution Team in South East Asia. Amanda enjoys getting stuck into knotty legal problems and learning all about her client’s businesses and industries. Based in Singapore since 2012, Amanda is at home in hawker markets as much as the arbitration centre at Maxwell Chambers. When not reading arbitration cases or drafting arbitration awards, pre-Covid Amanda used to love travelling with her family across Asia to clamber over temples, spot tigers, watch cricket and get harassed by monkeys. She is still getting harassed by monkeys hiking around Singapore. Amanda is proud her adopted home has the world’s best airport (Changi) and hopes to be flying again very soon.

Suraj is the Editor of KWM Pulse.  A self-proclaimed arbitration geek, he is a Dispute Resolution specialist working across our Singapore and Hong Kong offices.  While ethnically Indian, he was born in Hong Kong, lives in Singapore and is Asian at heart (his Canto is decent, so if you are going to talk about him while he’s in the room, you may want to pick a different language).  When he’s not sourcing full text PDFs of every arbitration treatise for his iPad in his constant effort to go paperless, you’re likely to find him hiking or fawning over the next Apple launch.

Clémence Bernard is a Legal Executive in KWM’s Dispute Resolution Team in Singapore. A third culture kid at heart, Clémence loves the bustling multiculturalism of Singapore and international arbitration. When she is not drafting pleadings for her clients, you can find her running alongside the Singapore river, browsing the French literature section in Kinokuniya or seeking out the best foodie spots in the Lion City.

Subscribe to KWM Pulse Updates