When we consider whether it is possible in law to obtain the recovery of stolen cryptocurrency units, what matters is normative, rather than technical, traceability of the stolen units. This is so whether the claim for recovery is based on the ownership of the units or the restitution of unjust enrichment.
There may be no technical traceability where stolen units are mixed up with other units in the address they have been forwarded to unless the units had been dyed prior to being stolen. In this sense, Patrick Murck seems right to observe in his presentation that while transactions are traceable, coins are less so. On the other hand, to affirm normative traceability, it might be enough to be able to say that the attacker or the persons further down the line could be deemed to hold all or part of the stolen units or their value.
Let us suppose that Alice had 70 units in her address (i.e. an address for which she holds the private key). Bob has stolen them through a phishing attack and transferred them to his address in which they have been mixed up with the 30 units he had held there. Unless the stolen 70 units had been colored, it may be technically impossible to say which of the now 100 units Bob holds in his address is originally Alice's. It is, however, possible to say that Bob holds the stolen units.
It is true that even a normative tracing becomes harder as the stolen units are forwarded down the line. Thus, let us suppose that Bob has thereafter transferred 40 units to the address of Carol. Again, unless the stolen 70 units had been colored, it may be technically impossible to say which, or even how much, of the 40 units Carol has received is originally Alice's. But it does not foreclose the possibility of a normative assessment that Carol holds part of the stolen units or their value. The normative assessment may take into account the circumstances surrounding Carol's acquisition including how much, if at all, she knew of Bob's theft. It will also be part of the normative assessment how much of the 40 units is deemed to derive from the 70 stolen units: (i) 28 units representing the proportion of the 70 units among the 100 units Bob held in his address or (ii) 10 units on the assumption that all 30 units Bob held legitimately has been transferred to Carol, or (iii) other amounts based on other calculations.
Some legal systems might opt for a simple solution of equating normative traceability with technical traceability. But other legal systems might differentiate them. It is also conceivable that different tests for normative traceability be applied between proprietary recovery and restitutionary recovery. While a test aligned with technical traceability may be preferred for proprietary recovery in order to ensure the specific identification of stolen units, it is not inevitable. Since it is ultimately a matter for legal policy whether to grant recovery merely as restitutionary relief or as proprietary relief (See my earlier post), it is not unimaginable to allow recovery of the stolen value (as opposed to the specific stolen units) as proprietary relief. The blockchain technology being a new invention, I guess that the rules are currently uncertain under most legal systems.
There may be no technical traceability where stolen units are mixed up with other units in the address they have been forwarded to unless the units had been dyed prior to being stolen. In this sense, Patrick Murck seems right to observe in his presentation that while transactions are traceable, coins are less so. On the other hand, to affirm normative traceability, it might be enough to be able to say that the attacker or the persons further down the line could be deemed to hold all or part of the stolen units or their value.
Let us suppose that Alice had 70 units in her address (i.e. an address for which she holds the private key). Bob has stolen them through a phishing attack and transferred them to his address in which they have been mixed up with the 30 units he had held there. Unless the stolen 70 units had been colored, it may be technically impossible to say which of the now 100 units Bob holds in his address is originally Alice's. It is, however, possible to say that Bob holds the stolen units.
It is true that even a normative tracing becomes harder as the stolen units are forwarded down the line. Thus, let us suppose that Bob has thereafter transferred 40 units to the address of Carol. Again, unless the stolen 70 units had been colored, it may be technically impossible to say which, or even how much, of the 40 units Carol has received is originally Alice's. But it does not foreclose the possibility of a normative assessment that Carol holds part of the stolen units or their value. The normative assessment may take into account the circumstances surrounding Carol's acquisition including how much, if at all, she knew of Bob's theft. It will also be part of the normative assessment how much of the 40 units is deemed to derive from the 70 stolen units: (i) 28 units representing the proportion of the 70 units among the 100 units Bob held in his address or (ii) 10 units on the assumption that all 30 units Bob held legitimately has been transferred to Carol, or (iii) other amounts based on other calculations.
Some legal systems might opt for a simple solution of equating normative traceability with technical traceability. But other legal systems might differentiate them. It is also conceivable that different tests for normative traceability be applied between proprietary recovery and restitutionary recovery. While a test aligned with technical traceability may be preferred for proprietary recovery in order to ensure the specific identification of stolen units, it is not inevitable. Since it is ultimately a matter for legal policy whether to grant recovery merely as restitutionary relief or as proprietary relief (See my earlier post), it is not unimaginable to allow recovery of the stolen value (as opposed to the specific stolen units) as proprietary relief. The blockchain technology being a new invention, I guess that the rules are currently uncertain under most legal systems.
It is needless to say that in the cases where it is considered normatively that the stolen units are traceable, the possibility of recovery will depend on other conditions which the applicable law puts in place to protect legitimate holders in due course.
No comments:
Post a Comment