Risk allocation for hacking and insolvency of cryptocurrency exchanges
Legal issues arising in relation to cryptocurrency exchanges are interesting in and of themselves. Equally importantly, however, they point to how the law may deal with blockchain–based assets more generally, whether held directly or held via an intermediary. This article briefly considers what cryptocurrency exchanges typically do, the Australian regulatory framework that governs them and risk allocation for hacking and insolvency.
Cryptocurrencies emerged as a result of the Cypherpunk vision of peer-to-peer electronic cash permitting online payments to be made without going through a financial institution.2 But today a significant proportion of cryptocurrency transactions are not undertaken peer-to-peer. Instead, they are mediated by centralised cryptocurrency exchanges. Market practice suggests that trading in the first, and pre-eminent, cryptocurrency (bitcoin) mostly occurs “off-chain” between customers of the same cryptocurrency exchange.3 Further, as of January 2020, we read that the cryptocurrency exchange Coinbase holds nearly a million bitcoins,4 valued at an amount in excess of USD 8.4 billion at the bitcoin market prices that applied as at 23 January 2020.
As a result, there is an ever more pressing imperative for back-end litigation and insolvency lawyers – acting for or against cryptocurrency exchanges or their external administrators – to have a basic understanding of how cryptocurrency exchanges operate and the legal issues raised by those operations.
Further, it is estimated that cryptocurrency exchanges have been affected by up to 60 high profile hacking incidents since 2009, when the cryptocurrency asset class was first created.5 As a result, insolvency lawyers need to be mindful of risk allocation for exchange hacks and the issues relating to the legal characterisation and control of cryptoassets. This is because the issues in relation to risk allocation and legal characterisation become relevant mainly, but not exclusively, when an exchange becomes insolvent. Examples that do not involve the insolvency of the exchange include the B2C2 v Quoine litigation in Singapore,6 the hack of the Hong Kong-based exchange Bitfinex,7 and freezing orders or interim proprietary injunctions against exchanges made by the High Court in London.8 Examples that involve the insolvency of the exchange include the Japanese exchange Mt Gox in 2014, the largest exchange in Canada (QuadrigaCX) in 20199 and the New Zealand exchange Cryptopia in 2019-20.10 The Quadriga CX example is remarkable, involving the presumed death of the founder of the exchange and the disappearance of USD 190 million in cryptocurrency.11
What is a cryptocurrency?
A cryptocurrency is a particular type of digital currency which is open-sourced, distributed, math-based and operates peer-to-peer, and has an equivalent value in central bank (fiat) currency like AUD or USD.12 The “crypto” aspect of “cryptocurrency” is the asymmetric public key cryptography that is used to secure users’ cryptocurrency entitlements.13
What is a “private key” and how does it secure a user’s cryptocurrency entitlements?
The software protocol governing bitcoin and comparable cryptocurrencies include a mechanism for a “wallet” and bitcoin addresses to be created for a user (let us call her Alice). That mechanism involves the generation of a private and public key pair for Alice based on asymmetric public key cryptography. “Asymmetric” means that different keys are used for encryption and for decryption. Broadly, the process can be thought of like this:14
[a]nybody can close a padlock simply by clicking it shut [analogous to applying a public key], but only the person who has the [private] key can open it. Locking (encryption) is easy, something everybody can do, but unlocking (decryption) can be done only by the owner of the key. The trivial knowledge of knowing how to click the padlock shut does not tell you how to unlock it.
More technically, asymmetric public/private key cryptography is based on practically irreversible mathematical functions that are easy to calculate in one direction but are presently15 not possible to “reverse engineer”.
The private key is not a physical thing. It is simply information, that is, a long string of numbers and letters.
Alice’s bitcoin address associated with her wallet is derived from Alice’s public key. If another user (Bob) wants to make available an amount of cryptocurrency to Alice, Bob uses the software protocol to apply his private key and Alice’s Bitcoin address in a process to make the cryptocurrency available to Alice.
Assuming that Bob has kept his private key private, the application of that key demonstrates that the instructions in relation to the relevant amount of cryptocurrency was initiated by Bob and not by some other user and permits Bob to access the amount of cryptocurrency that he wants to make available to Alice (Bob has in effect used his private key to “unlock the padlock” represented by the cryptocurrency associated with his public key/Bitcoin address).
Bob’s application of Alice’s public key-derived wallet address in the process (by in effect clicking shut the padlock that can only be opened by Alice) ensures that that amount is available to be used by Alice and not some other user. This is because Alice needs to apply her private key to use the amount of cryptocurrency transferred to her (by in effect opening her padlock). As a result, if Alice has kept her private key private, only Alice will be able to use the amount of cryptocurrency made available to her by Bob.
The above explanation is accurate where Alice and Bob hold their respective cryptocurrency entitlements directly and not through a cryptocurrency exchange or other online wallet hosting service. In the case of bitcoin, for example, Alice and Bob will have a direct holding if they both have exclusive knowledge and control of their own respective private keys. The software wallets that generate and store those keys could be stored locally on the user’s hardware device, like a laptop computer, smart phone or USB stick. Alternatively, they can use an online wallet but nonetheless maintain full control because the wallet applies client side encryption so that the they each have full control (and the online wallet provider has no control) of the private keys and transaction records, which are created and maintained on the client side, ie on the user’s desktop or mobile device.16
Further, because Alice and Bob hold their respective cryptocurrency entitlements directly, their transactions are effected on the relevant cryptocurrency blockchain itself, not “off chain” in the books of an intermediary like a cryptocurrency exchange.
What is a cryptocurrency exchange?
The cryptocurrency exchanges considered in this article – much like stock exchanges – are centralised platforms on which buyers and sellers can typically trade cryptocurrencies based on current market prices. Buy and sell offers are made publicly available on an order book. The exchange acts as an intermediary between buyer and seller, and generally charges a fee for each transaction.18 Most of the larger exchanges enable users to sell and buy cryptocurrencies using either fiat currency or particular cryptocurrencies. In addition, the exchanges considered in this article provide wallet services. For example, clause 2.2 of the Coinbase User Agreement contemplates that Coinbase may provide a user with “one or more hosted digital currency wallets enabling [the user] to store, track, transfer, and manage [the user’s] balances of certain supported digital currencies like Bitcoin or Ethereum”19 In contrast, other exchanges provide a cryptocurrency exchange service only, and do not offer an online hosted wallet, so that a user has to take responsibility for storing their own private keys.20 The exchanges may not necessarily match a buyer with a seller in every instance. They may sell to buyers or buy from sellers.
There are numerous cryptocurrency exchanges in operation, including in Australia.21 Many of them are centralised platforms of the type outlined above, offering trading and wallet services. That type of exchange is the focus of this article. But for completeness it is worth noting that the term “cryptocurrency exchange” may sometimes be used in a much broader sense, to cover a variety of other functions that may be offered as a separate specialised service by a centralised cryptocurrency platform, or offered by specialised businesses, mainly to high value users:
- Cryptocurrency brokers: these businesses typically offer a personalised service for high value users. They help high value users to execute large block trades by accessing multiple sources, including over-the counter (OTC) trades not involving exchanges but instead involving direct dealings with liquidity providers who hold large volumes of cryptocurrencies.22
- OTC desks: these functions (which may be offered by separate businesses or specialised divisions of a centralised exchange, for high value customers) again permit the execution of large block trades.23
- Cryptocurrency order management/order execution services: again, for high value users, these are specialised functions permitting users to access cryptocurrencies from multiple sources.
All the above mechanisms are distinct from the relatively new phenomenon of “de-centralised finance”24 “De-fi” platforms permit investors to generate returns from asset appreciation or interest accrual.25 Because these platforms, like cryptocurrencies transacted peer-to-peer, are based on software protocols which are not necessarily controlled by particular individuals or businesses, they are difficult to analyse from a regulatory perspective. I understand that some of the software protocols allow a user to retain control of their assets (presumably by exclusive knowledge and control of the private key enabling the user to deal with the relevant asset on the applicable public blockchain). Further, it appears that users are sometimes able to insure the value of the assets held via these platforms. “De-fi” platforms merit careful review in their own right. They are outside the scope of this article.
How does the Australian Corporations Act regulate cryptocurrency exchanges?
Five years ago, it was considered that “a person is not providing financial services when they operate a digital currency trading platform, provide advice on digital currencies or arrange for others to buy and sell digital currencies.”26 This conclusion flowed from the Australian Securities & Investments Commission’s (ASIC’s) view that digital currencies themselves did not fall within the legal definition of “financial product” under the Australian Corporations Act 2001.27 Since that time, the exponential rise of the “Initial Coin Offering” (ICO) has rightly caused ASIC to qualify its initial views. ASIC now notes that its experience suggests that many ICOs may be, or involve, interests in a managed investment scheme.28 As a result, the current position appears to be as follows:
- A digital currency exchange that permits spot trading29 only in cryptocurrencies that are taken to be “true” widely held cryptocurrencies used to transfer value (for example Bitcoin, Ethereum, Litecoin) will not be taken, as a result of that activity alone, to be providing a financial service. Absent a financial service, the exchange will not be regulated under the provisions dealing with making a market,30 financial markets31 and clearing and settlement facilities.32
- A digital currency exchange may nonetheless be taken to provide a financial service in connection with a “true” widely held cryptocurrency if the exchange provides an associated service that is a financial product in its own right. Examples of this include offering options and futures products which are derivatives,33 or offering cryptocurrency holders a non-cash payment facility to pay merchants using conventional point of sale terminals (with the holders’ cryptocurrencies being converted into AUD to enable the payment to the merchant).34
AML/CTF Act regulation of cryptocurrency exchanges in Australia
The Australian Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) (AML/CTF Act) regulates cryptocurrency exchanges which engage in the exchange of digital currency for money (whether Australian or not) or the exchange of money (whether Australian or not) for digital currency, where the exchange is provided in the course of carrying on a digital currency exchange business.35 This would apply to cryptocurrency exchanges that provide “on ramps” and “off ramps” for conversion of, say, bitcoin or ethereum to AUD or USD, or vice versa. An exchange needs to have a specified geographical link with Australia to be regulated under the AML/CTF Act.36
A cryptocurrency exchange regulated under the AML/CTF Act would be subject to a number of requirements at the time of enrolment as a reporting entity and registration as a digital currency exchange provider. In addition, the exchange would have ongoing obligations in relation to matters such as customer identification, suspicious matter reporting, periodic reporting to the regulator, as well as the adoption and maintenance of an appropriate AML/CTF Program.
The extension of the AML/CTF Act to cover the above activities was the result of a recommendation made by the Australian Senate’s Economic References Committee in 2015.37 The implementation of this recommendation may have gone some way towards addressing the difficulties encountered by digital currency exchanges – noted by the Committee – in obtaining payment and transactional services from the banks.38
Risk allocation for exchange hacks and insolvency
The Cryptopia litigation
Cryptopia Ltd was a cryptocurrency exchange formed in New Zealand in 2014. Cryptopia’s operations were relatively modest until 2017 when, as a result of the cryptocurrency boom in that year, it grew to have approximately 900,000 users of its services. Most of those users were located outside New Zealand. In January 2019 Cryptopia’s servers were hacked. Somewhere between 9% and 14% of the cryptocurrency held by it was stolen. The stolen cryptocurrency was valued at approximately NZD 30 million. In May 2019 Cryptopia’s shareholders resolved to place the company in liquidation. As at October 2019, Cryptopia had 960,143 accountholders with a positive coin balance. 104,186 of those accountholders are believed to have a “deemed nil value”, presumably because of the hack.39 Cryptopia continues to hold cryptocurrency worth approximately NZD 170 million.
The liquidators applied to the Court for guidance and directions. The Court appointed senior counsel to represent the interests of the creditors of Cryptopia on the one hand and the accountholders of Cryptopia on the other. The liquidators indicated to the Court that they had no interest in whatever outcome was reached by the Court on the issues in the first application. Rather, they simply wished to ensure that the Court received full argument on the relevant issues.40 The main issues addressed by the Court, and the Court’s conclusions, are set out below.
|1||Whether any or all of the various cryptocurrencies (digital assets) held by the liquidators of Cryptopia constitute “property” as defined in section 2 of the Companies Act 1993.||Yes. This conclusion was reached after a detailed consideration of possible arguments against cryptocurrency being property, including that:
the common law recognises only two classes of personal property – tangibles and choses in action – and cryptocurrencies are said to be neither; and
information is not generally recognised as a form of “property” and cryptocurrencies might be said to be a form of information.
|2||Whether any or all of the digital assets are held on trust for any or all of the accountholders, whether by way of express, implied, resulting, constructive, Quistclose trust or otherwise.||Yes. This was an express trust evidenced by, amongst other things:43
the express trust provisions in Cryptopia’s amended terms and conditions; and
Cryptopia’s internal financial accounts and GST returns which demonstrated that it did not assert any ownership in the cryptocurrency beyond its beneficial interest in its own cryptocurrency as accountholder.
|3||If yes to 2, when did the trusts come into existence?||An express trust came into existence for every different type of cryptocurrency which Cryptopia acquired as a result of a dealing with an accountholder. Once such a trust came into existence it applied to any currency of the relevant type subsequently acquired by Cryptopia as part of the running of its cryptocurrency platform whether or not the currency was in hot wallets or cold wallets. 44|
|4||If yes to 2, what are the terms of the trust?||It is not necessary or practicable at this point comprehensively to list all the terms that might govern the trusts in question. Cryptopia essentially fulfilled somewhat confined duties similar to the role of a bare trustee in relation to the accountholders: to hold each group of digital assets as trustee, to follow their instructions and to let individual accountholders increase or decrease their beneficial interest in the relevant trusts in accordance with the system Cryptopia had created for that purpose.45|
|5||If yes to 2, are the digital assets held on trust:
in an individual trust for each accountholder, who is the sole beneficiary of that trust?
in one trust for the benefit of all accountholders, who are co-beneficiaries of the same trust?
in multiple trusts for the benefit of specific groups of accountholders, who are co-beneficiaries of the same trust?
on some other basis?
|In multiple trusts for the benefit of specific groups of accountholders, who are co-beneficiaries of the same trust.46|
|6||If and to the extent that the liquidators recover stolen digital assets, are they to be dealt with:
in accordance with the determination sought above;
pro rata according to the amount recovered assessed against the amount stolen; or
as assets of Cryptopia.
|Given the holding that there are separate trusts for each type of cryptocurrency held by Cryptopia, there is one trust for each type of cryptocurrency held. As a result, it follows that only those accountholders who hold types of cryptocurrency that were stolen would have suffered a loss as a result of that misappropriation. So those losses should be borne pari passu by those accountholders alone. Correspondingly, any recoveries of misappropriated cryptocurrency should benefit those same accountholders.47|
The liquidators foreshadowed a second application to propose methods of distribution of Cryptopia’s assets.48 As of the date of submission of this article for publication, that second application has yet to be heard.
How do exchanges “hold” cryptocurrency for users?
It appears that there are basically two ways in which an exchange can “hold” cryptocurrency for a user:
- The “earmarked holding” model: The user buys cryptocurrency using the exchange. When processing that purchase, the exchange specifically earmarks49 (as being held for that user) the wallets50 holding the private and public keys that need to be accessed to deal with that cryptocurrency on the public blockchain. This model may or may not involve the user having the ability to initiate a transaction on the public blockchain by using an online wallet hosted by the exchange. Even if it does give the user this ability, the crucial point is that the wallets may also be accessed by the exchange.51 The exchange will provide the user with an application interface to manage, and track the value of, the cryptocurrency that can be accessed using the keys held in the wallets earmarked to the user. The user uses the application interface to instruct the exchange how to deal with the wallets.
- The “pooled holding” model: The user buys cryptocurrency using the exchange. The exchange maintains a record (let us call it an “account”) of the user’s cryptocurrency entitlements. The exchange does not earmark any particular wallets as being held for that user or any other user. Quite confusingly, however, the application interface made available to the user may be very similar to that provided to a user under the “earmarked holding” model.
The following points need to be made:
- The dominant holding model today appears to be the “pooled holding” model,52 whereas five years ago the “earmarked holding” model seems to have been quite common.53
- In many instances, exchanges’ terms and conditions do not make it clear whether they adopt the “earmarked holding” model or the “pooled holding” model. Users often assume that exchanges adopt the “earmarked holding” model whereas industry insiders appear to assume that exchanges almost invariably adopt the “pooled holding” model.54
- A particular exchange may adopt both models: for example, ‘pooled holdings” for normal users and “earmarked holdings” – with or without online wallets that are accessible by the user – for high value users who are provided with additional services.
- To mitigate hacking risks, an exchange often places the majority of the wallets that it holds in “cold storage” as distinct from “hot storage”. Hot storage is where the wallets – including the public/private key pairs – are stored in physical media connected to the Internet. Cold storage is where the public/private key pairs in the wallets are generated and stored in physical media (computers, paper) that are never connected to the Internet.55
- As noted above, the “earmarked holding” model may or may not involve the user having the ability to initiate a transaction on the public blockchain by using an online wallet hosted by the exchange.56 If the user has that ability, that wallet will by definition have to be in hot storage. If the user does not have that ability, an exchange may in theory hold a cold wallet on behalf of a particular user. I am not sure how often this is actually done in practice. I suspect cold storage may be offered as part of an additional service offered to high value users. This means that the cold wallet holdings of an exchange do not always have to be held under the “pooled holding” model. They could be held under the “earmarked holding” model.
- Some legal commentators do not seem to distinguish between the “earmarked holding” model and the “pooled holding” model when analysing the legal characteristics of a user’s relationship with a cryptocurrency exchange.57 They conclude that under the “earmarked holding” model (and therefore presumably with even greater force under the “pooled holding” model) the relationship between the user and the exchange is contractual – in the nature of an account of some description – and not proprietary.58 This would have grave consequences for users if their exchange becomes insolvent. This is because they would be treated as unsecured creditors of the exchange, with no proprietary rights to any cryptocurrency that was held by the exchange when it went into external administration.
- Another legal commentator distinguishes between the “earmarked holding” model and the “pooled holding” model,59 and then concludes that under the “pooled holding” model (and therefore presumably with even greater force under the “earmarked holding” model) an exchange will hold the applicable balances on trust for its users.60 This conclusion is said to apply regardless of whether or not the terms and conditions of the exchange include an express declaration of trust by the exchange.61 Under this approach, the users would have proprietary rights to cryptocurrency held for them, entitling them to priority over the general body of unsecured creditors in any insolvency of their exchange.
- Other commentators treat the “earmarked holding” model as giving users proprietary rights against their exchange, whereas the “pooled holding” model gives users contractual – non-proprietary – rights only against their exchange.62
- It has been suggested that if an exchange adopts the “earmarked holding” model and particular earmarked wallets are hacked,63 subject to any legal recourse against the exchange for failure to secure the wallets appropriately:
- the exchange would probably not have to reimburse the users whose earmarked wallets were hacked; and
- it would not be appropriate for the losses arising from the hacking to be spread across all of the exchange’s users, including the users whose earmarked wallets were not hacked. 64
As is evident from the above summary, the correct legal characterisation of a user’s relationship with a cryptocurrency exchange is contested and uncertain. This is not surprising. The technology is new. The most fundamental questions about the legal nature of a direct holding in cryptocurrency (let alone an indirect holding through an exchange) have yet to be authoritatively answered. For now, I suggest that lawyers should take the following approach:
- In order to understand the legal nature of a user’s indirect holding of cryptocurrency via an exchange it is first necessary to understand the legal nature of a direct holding in cryptocurrency, noting that the exchange will have a direct holding.
- The legal nature of a direct holding cannot be formulated in the abstract to apply generally. Context is all-important.65 It is possible to conclude provisionally that a direct holding of cryptocurrency is “property” in the context of, say, being capable of being:
- held on trust; 66
- the subject of an interim proprietary injunction;67
- encumbered by a security interest;68 or
- the property of an insolvent individual or company for the purposes of insolvency legislation,69
based on the view that the relevant “property” right of a direct holder of particular amounts of cryptocurrency is her right to have the public addresses or public keys (associated with the private keys exclusively known and controlled by her) appear as the last entry in the blockchain in relation to those amounts.70
- Under both the “earmarked holding” and “pooled holding” models, it may be possible for the exchange to be constituted as a trustee for the users in relation to cryptocurrency held for them, for the purposes of giving those users proprietary rights against the exchange.71 But a trust will not necessarily exist in every instance:72 that will depend on surrounding circumstances like the terms and conditions of the exchange and how the exchange is promoted.
- The use of the “earmarked holding” model will not necessarily mean that there is a trust or some other form of proprietary relationship between the exchange and the user, nor will the use of the “pooled holding” model necessarily mean that there is a contractual debtor/creditor relationship between the exchange and the user.73
- In one sense, cryptocurrencies like bitcoin and ethereum are not fungible. This is because every public key and address on a cryptocurrency blockchain records an entitlement that is unique, in the sense that it is “uniquely identifiable as the latest output of a chain of traceable transactions which connect it back to the original output on the system when the [value or “coin”] was first mined.”74 Nonetheless, cryptocurrency protocols generally aim to ensure that, as far as possible, cryptocurrency is treated as interchangeable, i.e. fungible. As a result, it appears that the requirement for certainty of subject matter of a trust can be satisfied, and a valid trust is capable of being created, over an amount of cryptocurrency held by an exchange for a user, even though that amount is part of an undifferentiated larger amount of that cryptocurrency that is held by the exchange.75
- Even if an exchange is found to hold cryptocurrency on trust for users (thereby trumping the rights of the general body of unsecured creditors of the exchange) difficult issues will arise where there is a shortfall in the insolvent exchange’s holdings of cryptocurrency.76 A Court will have to decide how the available cryptocurrency is to be apportioned amongst the users who are entitled to it: will the available cryptocurrency be apportioned rateably amongst the affected users or will a “first in, first out” approach be used? Further, what is the significance of the cryptocurrency being held on an “earmarked holding” basis as opposed to a “pooled holding” basis? I have suggested that a trust is able to arise in either instance,77 but the manner of holding – providing evidence of actual asset segregation where there are earmarked holdings- will most likely have an impact on the tracing process. All these questions, and many more, will have to be worked out over time.
This information and the contents of this publication, current as at the date of publication, is general in nature to offer assistance to Cornwalls’ clients, prospective clients and stakeholders, and is for reference purposes only. It does not constitute legal or financial advice. If you are concerned about any topic covered, we recommend that you seek your own specific legal and financial advice before taking any action.