The Realities of Crypto Asset Recovery Part 2

Following the world’s largest hack of a cryptocurrency exchange, ByBit, on 21 February 2025, in which approximately USD 1.4 billion dollars was misappropriated, formulating the most impactful digital asset recovery strategies which will yield the quickest results is of paramount importance.

This article confronts the practical realities of digital asset recovery, but for brevity, does not consider the digital asset recovery realities associated with valuations, cross-border enforcement or decentralised autonomous organisations due to the additional considerations at play. In this article we refer to cryptocurrencies and digital assets collectively as crypto assets.

(Read Part 1 of The Realities of Crypto Asset Recovery where we delve into how a developing body of case law in several jurisdictions (including England, Singapore, and the British Virgin Islands) demonstrates that the traditional legal framework can be used in asset recovery efforts and disputes involving crypto assets.)

Examples of crypto asset recovery targets

Understanding the ecosystem in which crypto assets operate is key to identifying the correct recovery targets, a sample of which are canvassed below.

Regulated cryptocurrency exchanges (which are one of several points of entry to access the blockchain) are utilised by users to exchange their fiat currency into crypto assets. Whilst not universally the case, some exchanges operate omnibus wallets which comingle users’ crypto assets (rather than segregate them) and information on the treatment of those assets by a centralised cryptocurrency exchange is not publicly available. For this reason, disclosure of information from centralised cryptocurrency exchanges can be required on two counts. The first is in order to ascertain the identity of the account holder. The second, is to require the exchange to disclose how those crypto assets were dealt with (i.e. do these crypto assets remain with the exchange or have they been transferred away, and if so, to which wallet address/es).

Software developers are also another obvious recovery target. For example, where crypto assets are issued by a software developer who controls a centralised supply of those assets, they may have the capacity to freeze those crypto assets through a process called “blacklisting.” However, the blockchain wallet address may continue to transact with other crypto assets which have not been blacklisted. Software developers may also have built in other crypto asset recovery methods into their products, such as a “burning” function (which has the effect of removing crypto assets permanently from circulation) and a “re-issuing” function (which has the effect of minting new crypto assets to a wallet address). These functions could be harnessed as a means to repatriate misappropriated crypto assets where available, and in which case, it may be possible to seek an order for delivery-up from a software developer, which would compel misappropriated crypto assets to be “burned” and new crypto assets “re-issued” to the claimant’s wallet address.

With respect to the methods by which crypto assets can be transferred across the blockchain network, the Dubai International Financial Centre’s Court of Appeal (DFIC CoA) recently considered that in law, and in the context of value moving through the process of creation and destruction, “Irrespective of how each blockchain organises its informational entities throughout the process of ‘transfer’, the end result is that an asset is transferred from person to person” and that to consider otherwise would fly in the face of commercial common sense¹. The DFIC CoA subsequently concluded that crypto assets were capable of being owned and transferred at law. It is important to note that different protocols deployed on a blockchain network have different utilities, functions and recovery mechanisms. Focusing on centralised issuers of crypto assets may be one of several other potential recovery targets, depending on how they have been utilised by a bad actor to launder misappropriated crypto assets on the blockchain.

Holders of the private keys to un-hosted wallets (where it is possible to identify their owners) and identifiable signatories to a multi-sig wallet (who are required to authorise an outbound transaction from a wallet address) may also be viable recovery targets. However, due to the pseudo-anonymous nature of the blockchain, it is often too challenging to ascertain the real identities of these targets, although attribution data from an analysis of the blockchain may, from inference of how certain wallet addresses interact with each other, infer shared control.

The use of third party custodian wallet providers is also becoming increasingly mainstream amongst centralised cryptocurrency exchanges, high net worth individuals and crypto asset rich companies. In this case, control of the wallet is placed outside their ambit and transfer instructions are instead given to the custodian to execute. As such, third party custodians may also need to form part of a crypto asset recovery strategy if crypto assets have been traced to a wallet address controlled by a third party custodian.

Crypto asset tracing

It goes without saying that for recoveries to be realised, the evidence underpinning how crypto assets are traced to potential recovery targets is key. D’Aloia v. Persons Unknown² is a stark
reminder to all recovery practitioners of the limitations to tracing frameworks which exist under common law.

It is possible to “follow” and “trace” assets, and the same principles apply to crypto assets. As a methodology, “following” is possible where the same asset moves from one place to the other and is only available in common law. “Tracing” on the other hand involves identifying old assets and substituting them with new assets, and this is available at both common law and in equity. Some tracing methodologies include using the First In First Out (FIFO)³ method, the pro-rata method⁴ and the rolling charge method⁵.

In D’Aloia, the English Court considered that Tether (USDT) was a distinct form of property not based on any underlying legal right and remained identifiable when mixed because Tether Limited (which issues the USDT token) maintains an internal ledger which records the movement of USDT tokens. However, because the claimant failed to produce Tether’s ledger records into evidence, the principle of “following” could not be deployed in this case for asset tracing purposes.

Additionally, the USDT couldn’t be “traced” because (a) at common law, claimants are unable to trace through mixed funds (i.e. an omnibus third party custodian wallet operated by a centralised cryptocurrency exchange which comingles the crypto assets it receives from different customers); and (b) it was held that the claimant’s analysis:

• assumed that all mixed funds derived from innocent victims;
• relied on two blockchain analytic reports which produced different results;
• purported to employ the FIFO method, but it later transpired that other methods had also been used, which meant this method had not been followed strictly; and
• was produced by an expert which exhibited a biased (rather than neutral) analysis in favour of the claimant.

As a result, the claimant in D’Aloia was unable to persuade the English Court that their missaprioriated crypto assets could be traced through to the wallets which were subject to the recovery action.

Crypto asset recovery in the context of insolvency

How users’ crypto assets are treated by, for example, centralised cryptocurrency exchanges and trading platforms in an insolvency event will likely depend on how those crypto assets were held and administered in the course of business.

For example, and in the context of cryptocurrency exchanges, the Hong Kong Court determined In the Matter of Gatecoin Limited (in Liquidation)⁶ that cryptocurrencies are property capable of being held on trust, but that the majority of users’ crypto assets fell to be assets of Gatecoin’s estate (leaving the majority of Gatecoin’s users as unsecured creditors).

In this case, three sets of terms and conditions had been implemented by Gatecoin sequentially, with only the second set providing that users’ crypto assets were held on trust. As the third set (which superseded the second set) reversed the position, only users who had not accessed the exchange’s website since prior to the implementation of the third set of terms and conditions (which required users to accept them before accessing the exchange’s website) could claim a proprietary interest in the crypto assets held by Gatecoin.

Additionally, the Court found that Gatecoin had not segregated users’ crypto assets, had traded them freely, and recorded customer deposits as liabilities in their audited financials – which
suggested that the crypto assets belonged to Gatecoin, and not held on trust for its customers.

Conversely, the Hong Kong court found in Chan Wing Tan and another v. JP-EX Crypto Asset Platforms Pty Ltd and Others⁷ that USDT customer deposits of the JP-EX crypto trading platform (JPEX) (which is involved in Hong Kong’s largest cryptocurrency fraud scandal) were held on express trust⁸ for the claimants and that JPEX had breached its duty of trust by transferring them away.

In this case, JPEX represented to its users that 95% of their crypto assets would be stored in “cold wallets” (i.e. storage devices not connected to the internet) which suggested that they were not free for JPEX to use, and that by virtue of creating a platform without allocating private keys to its users, this arrangement suggested to the Court an intent by JPEX to hold crypto assets on trust for its users. More importantly however, users’ crypto assets were segregated and JPEX’ terms and conditions strongly suggested the existence of a trust, which placed the claimant in a more secure recovery position.

By way of relief, the Court granted an Order for delivery-up of the missaprioriated USDT and in the alternative, JPEX was ordered to pay equitable compensation. This is a useful alternative remedy to obtain where crypto assets have been traced or followed to an un-hosted wallet which is anonymously controlled (meaning there is no way of locating the holder of the wallet’s private keys to compel a transfer by Court Order).

Conclusion

The arena of crypto asset recovery is highly dynamic, fast paced and complex. But above all else, it has a vital role to play in underpinning the feasibility of this technology’s mass adoption, which must evolve safely and sustainably to protect users and their crypto assets. To do so arguably requires wealth preservation and restoration to be clearly demonstrable on the blockchain.

Footnotes

1 (1) Gate Mena DMCC (Formerly Known as Huobi OTC DMCC) (2) Huobi Mena FZE v (1) Tabarak Investment Capital Limited (2) Christian Thurner [2023] DIFC CA 002 (13 June 2024) at [83] to [85].
2 D’Aloia v. Persons Unknown and others [2024] EWHC 2342 (Ch).
3 See Charity Commission for England and Wales v Framjee [2014] EWHC 2507 at [47], in which the English Court explained that the FIFO method was first applied in “Clayton’s Case (Devaynes v Noble (1816) 1 Mer. 572) whereby payments out of an account are attributed to payments into the account in the order in which the payments in were made, or in other words on a “first in, first out” basis.”
4 See Charity Commission for England and Wales v Framjee [2014] EWHC 2507 at [47], in which the English Court explained that the pro-rata method is a “technique […] to divide the remaining money between the recipients in proportion to the amounts which they are owed. This solution, where distribution is made on a rateable, or pari passu, basis, has frequently been adopted in recent years where the claimants on the fund are all the victims of a common misfortune. It also has the great advantage of being simple and inexpensive to implement.”
5 See Charity Commission for England and Wales v Framjee at [47] which describes the rolling charge as a combination of “the pari passu approach with the lowest intermediate balance principle. Its effect is that the position has to be analysed whenever a payment is made out of the fund, and no contributor can be paid more than his rateable share of the lowest intermediate balance while his money remained in the fund.”
6 In the Matter of Gatecoin Limited (in Liquidation) [2023] HKCFI 914.
7 Chan Wing Yan and Another v. JP-EX Crypto Asset Platform Pty Ltd and Others [2024] HKDC 1628.
8 The Hong Kong Court followed the principles in Re Lehman Brothers International (Europe) (In Administration) [2010] EWHC 2914 (Ch) when determining the existence of an express trust.