This article briefly outlines what cryptocurrency exchanges typically do, the Australian regulatory framework that governs them and considers particular legal issues that have arisen or are likely to arise in the future.
Cryptocurrencies emerged as a result of the Cypherpunk vision of peer-to-peer electronic cash permitting online payments to be made without going through a financial institution. But today a significant proportion of cryptocurrency transactions are not undertaken peer-to-peer. Instead, they are mediated by centralised cryptocurrency exchanges. Market practice suggests that trading in the first, and pre-eminent, cryptocurrency (bitcoin) mostly occurs “off-chain” between customers of the same cryptocurrency exchange. Further, as of January 2020, we read that the cryptocurrency exchange Coinbase holds nearly a million bitcoins, valued at an amount in excess of USD 8.4 billion at the bitcoin market prices that applied as at 23 January 2020.
As a result, there is an ever more pressing imperative for:
- front-end finance lawyers – advising on regulatory issues or drafting contracts for cryptocurrency exchanges or their bankers or other commercial counterparties; and
- back-end litigation and insolvency lawyers – acting for or against cryptocurrency exchanges or their external administrators,
to have a basic understanding of how cryptocurrency exchanges operate and the legal issues raised by those operations.
WHAT WE KNOW
What is a cryptocurrency?
A cryptocurrency is a particular type of digital currency which is open-sourced, distributed, math-based and operates peer-to-peer, and has an equivalent value in central bank (fiat) currency like AUD or USD. The “crypto” aspect of “cryptocurrency” is the asymmetric public key cryptography that is used to secure users’ cryptocurrency entitlements. 
What is a “private key” and how does it secure a user’s cryptocurrency entitlements?
The software protocol governing bitcoin and comparable cryptocurrencies include a mechanism for a “wallet” and bitcoin addresses to be created for a user (let us call her Alice). That mechanism involves the generation of a private and public key pair for Alice based on asymmetric public key cryptography. “Asymmetric” means that different keys are used for encryption and for decryption. Broadly, the process can be thought of like this:
[a]nybody can close a padlock simply by clicking it shut [analogous to applying a public key], but only the person who has the [private] key can open it. Locking (encryption) is easy, something everybody can do, but unlocking (decryption) can be done only by the owner of the key. The trivial knowledge of knowing how to click the padlock shut does not tell you how to unlock it.
More technically, asymmetric public/private key cryptography is based on practically irreversible mathematical functions that are easy to calculate in one direction but are presently not possible to “reverse engineer”.
The private key is not a physical thing. It is simply information, that is, a long string of numbers and letters.
Alice’s bitcoin address associated with her wallet is derived from Alice’s public key. If another user (Bob) wants to make available an amount of cryptocurrency to Alice, Bob uses the software protocol to apply his private key and Alice’s Bitcoin address in a process to make the cryptocurrency available to Alice.
Assuming that Bob has kept his private key private, the application of that key demonstrates that the instructions in relation to the relevant amount of cryptocurrency was initiated by Bob and not by some other user and permits Bob to access the amount of cryptocurrency that he wants to make available to Alice (Bob has in effect used his private key to “unlock the padlock” represented by the cryptocurrency associated with his public key/Bitcoin address).
Bob’s application of Alice’s public key-derived wallet address in the process (by in effect clicking shut the padlock that can only be opened by Alice) ensures that that amount is available to be used by Alice and not some other user. This is because Alice needs to apply her private key to use the amount of cryptocurrency transferred to her (by in effect opening her padlock). As a result, if Alice has kept her private key private, only Alice will be able to use the amount of cryptocurrency made available to her by Bob.
The above explanation is accurate where Alice and Bob hold their respective cryptocurrency entitlements directly and not through a cryptocurrency exchange or other online wallet hosting service. In the case of bitcoin, for example, Alice and Bob will have a direct holding if they both have exclusive knowledge and control of their own respective private keys. The software wallets that generate and store those keys could be stored locally on the user’s hardware device, like a laptop computer, smart phone or USB stick. Alternatively, they can use an online wallet but nonetheless maintain full control because the wallet applies client side encryption so that the they each have full control (and the online wallet provider has no control) of the private keys and transaction records, which are created and maintained on the client side, ie on the user’s desktop or mobile device.
Further, because Alice and Bob hold their respective cryptocurrency entitlements directly, their transactions are effected on the relevant cryptocurrency blockchain itself, not “off chain” in the books of an intermediary like a cryptocurrency exchange.
What is a cryptocurrency exchange?
The cryptocurrency exchanges considered in this article – much like stock exchanges – are centralised platforms on which buyers and sellers can typically trade cryptocurrencies based on current market prices. Buy and sell offers are made publicly available on an order book. The exchange acts as an intermediary between buyer and seller, and generally charges a fee for each transaction. Most of the larger exchanges enable users to sell and buy cryptocurrencies using either fiat currency or particular cryptocurrencies. In addition, the exchanges considered in this article provide wallet services. For example, clause 2.2 of the Coinbase User Agreement contemplates that Coinbase may provide a user with “one or more hosted digital currency wallets enabling [the user] to store, track, transfer, and manage [the user’s] balances of certain supported digital currencies like Bitcoin or Ethereum” In contrast, other exchanges provide a cryptocurrency exchange service only, and do not offer an online hosted wallet, so that a user has to take responsibility for storing their own private keys. The exchanges may not necessarily match a buyer with a seller in every instance. They may sell to buyers or buy from sellers.
There are numerous cryptocurrency exchanges in operation, including in Australia. Many of them are centralised platforms of the type outlined above, offering trading and wallet services. That type of exchange is the focus of this article. But for completeness it is worth noting that the term “cryptocurrency exchange” may sometimes be used in a much broader sense, to cover a variety of other functions that may be offered as a separate specialised service by a centralised cryptocurrency platform, or offered by specialised businesses, mainly to high value users:
- Cryptocurrency brokers: these businesses typically offer a personalised service for high value users. They help high value users to execute large block trades by accessing multiple sources, including over-the counter (OTC) trades not involving exchanges but instead involving direct dealings with liquidity providers who hold large volumes of cryptocurrencies.
- OTC desks: these functions (which may be offered by separate businesses or specialised divisions of a centralised exchange, for high value customers) again permit the execution of large block trades.
- Cryptocurrency order management/order execution services: again, for high value users, these are specialised functions permitting users to access cryptocurrencies from multiple sources.
All the above mechanisms are distinct from the relatively new phenomenon of “de-centralised finance” “De-fi” platforms permit investors to generate returns from asset appreciation or interest accrual. Because these platforms, like cryptocurrencies transacted peer-to-peer, are based on software protocols which are not necessarily controlled by particular individuals or businesses, they are difficult to analyse from a regulatory perspective. I understand that some of the software protocols allow a user to retain control of their assets (presumably by exclusive knowledge and control of the private key enabling the user to deal with the relevant asset on the applicable public blockchain). Further, it appears that users are sometimes able to insure the value of the assets held via these platforms. “De-fi” platforms merit careful review in their own right. They are outside the scope of this article.
How does the Australian Corporations Act regulate cryptocurrency exchanges?
Five years ago, it was considered that “a person is not providing financial services when they operate a digital currency trading platform, provide advice on digital currencies or arrange for others to buy and sell digital currencies.” This conclusion flowed from the Australian Securities & Investments Commission’s (ASIC’s) view that digital currencies themselves did not fall within the legal definition of “financial product” under the Australian Corporations Act 2001. Since that time, the exponential rise of the “Initial Coin Offering” (ICO) has rightly caused ASIC to qualify its initial views. ASIC now notes that its experience suggests that many ICOs may be, or involve, interests in a managed investment scheme. As a result, the current position appears to be as follows:
- A digital currency exchange that permits spot trading only in cryptocurrencies that are taken to be “true” widely held cryptocurrencies used to transfer value (for example Bitcoin, Ethereum, Litecoin) will not be taken, as a result of that activity alone, to be providing a financial service. Absent a financial service, the exchange will not be regulated under the provisions dealing with making a market, financial markets and clearing and settlement facilities.
- A digital currency exchange may nonetheless be taken to provide a financial service in connection with a “true” widely held cryptocurrency if the exchange provides an associated service that is a financial product in its own right. Examples of this include offering options and futures products which are derivatives, or offering cryptocurrency holders a non-cash payment facility to pay merchants using conventional point of sale terminals (with the holders’ cryptocurrencies being converted into AUD to enable the payment to the merchant).
AML/CTF Act regulation of cryptocurrency exchanges in Australia
The Australian Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) (AML/CTF Act) regulates cryptocurrency exchanges which engage in the exchange of digital currency for money (whether Australian or not) or the exchange of money (whether Australian or not) for digital currency, where the exchange is provided in the course of carrying on a digital currency exchange business. This would apply to cryptocurrency exchanges that provide “on ramps” and “off ramps” for conversion of, say, bitcoin or ethereum to AUD or USD, or vice versa. An exchange needs to have a specified geographical link with Australia to be regulated under the AML/CTF Act.
A cryptocurrency exchange regulated under the AML/CTF Act would be subject to a number of requirements at the time of enrolment as a reporting entity and registration as a digital currency exchange provider. In addition, the exchange would have ongoing obligations in relation to matters such as customer identification, suspicious matter reporting, periodic reporting to the regulator, as well as the adoption and maintenance of an appropriate AML/CTF Program.
The extension of the AML/CTF Act to cover the above activities was the result of a recommendation made by the Australian Senate’s Economic References Committee in 2015. The implementation of this recommendation may have gone some way towards addressing the difficulties encountered by digital currency exchanges – noted by the Committee – in obtaining payment and transactional services from the banks.
WHAT WE DON’T KNOW
Mistakes in algorithmic trading
Cryptocurrency exchanges and their counterparties may utilise sophisticated algorithmic trading software to execute trades automatically. This is no different from other markets.
Sometimes things go wrong. In B2C2 v Quoine certain automated trading software of a Singapore-based cryptocurrency exchange (Quoine) was activated by certain users of Quoine’s platform (Counterparties). This activation resulted from a malfunction of Quoine’s software (the “Quoter Program”), which incorrectly identified that margin calls had to be made on the Counterparties. The Quoter Program interacted with B2C2’s software (“Pure Quote”). As a result, the platform automatically processed seven purchases of Ethereum (ETH) by the Counterparties from B2C2 utilising Bitcoin (BTC) at an exchange rate of approximately 10 BTC for 1 ETH. This rate was approximately 250 times the correct rate of 0.04 BTC for 1 ETH. The proceeds of the sale (3092.517116 BTC) (nearly USD 28 million at the BTC/USD conversion rates at the end of January 2020) were automatically credited to B2C2’s account with Quoine, and a corresponding amount of 309.2518 ETH was automatically debited to that account. When a human (the Chief Technology Officer of Quoine) reviewed the trades the next day he reversed them, owing to the highly abnormal deviation from the previously applicable rates. B2C2 sued Quoine for breach of contract and breach of trust.
There were several matters in dispute. One particular issue of interest for lawyers advising on cryptocurrency exchange contracts – and smart contracts generally – is the application of the law of mistake to contracts formed by algorithmic trading. Amongst other things, Quoine contended that certain unilateral mistakes made by the Counterparties’ made the trades void at common law, or voidable in equity, under Singaporean law. These mistakes were that Quoine’s platform would always operate as intended – or, if not, there would be adequate safeguards – and further that they were buying at prices which accurately represented, or did not deviate significantly from, the true market value, or price, of ETH relative to BTC.
For the unilateral mistake defence to succeed Quoine had to show, first, that the offer that was made to B2C2’s Pure Quote program was made by mistake and, secondly, that B2C2 had actual knowledge of that mistake. Actual knowledge of the other party’s mistake is generally assessed as of the time at which the contract is formed. But this is difficult to apply in the case of algorithmic contracts. Who needs to have that actual knowledge and at what time? The Court held that the knowledge of B2C’s software coder, as at the date he coded the software, was relevant to assess whether B2C2 had actual knowledge of the Counterparties’ mistake. Based on these principles, the Court found that the coder had no actual knowledge of the mistaken belief of the Counterparties at the time of coding the software for Pure Quote. As a result, the Court held that Quoine’s defence of unilateral mistake failed. Quoine also failed in its defence of unilateral mistake in equity (because B2C2’s coder did not have constructive knowledge of the mistake and in any event there was no impropriety on his part) and mutual mistake (because the mistake was not mutual: B2C2’s coder had programmed the prices at which the trades occurred).
Commentators have criticised the approach taken by the Court on the issue of unilateral mistake at common law. This is because the detailed investigation into the intentions and motives of B2C2’s software coder injected considerations from the law of deceit into the law of mistake. Further, the same commentators suggest that because B2C2 elected to engage in algorithmic trading, B2C2 should not be entitled to require Quoine to establish any actual knowledge on the part of an employee or agent of B2C2 as an element of the defence based on unilateral mistake.
These are novel and difficult issues. The appeal decision in B2C2 v Quoine will be of great interest when it is handed down, in relation to the application of the law of mistake to algorithmic trading as well as in relation to the property law analysis of what precisely is held by cryptocurrency exchanges for their users and on what basis. We now turn to that second issue.
Risk allocation for exchange hacks and insolvency
It is estimated that cryptocurrency exchanges have been affected by up to 60 high profile hacking incidents since 2009, when the cryptocurrency asset class was first created. As a result, commercial lawyers drafting bespoke contracts, or standard terms and conditions relating to exchanges, need to be mindful of risk allocation for exchange hacks, and the issues relating to the legal characterisation and control of cryptoassets. The issues in relation to risk allocation and legal characterisation become relevant mainly, but not exclusively, when an exchange becomes insolvent. Examples that do not involve the insolvency of the exchange include the B2C2 v Quoine litigation in Singapore, the hack of the Hong Kong-based exchange Bitfinex, and freezing orders or interim proprietary injunctions against exchanges made by the High Court in London. Examples that involve the insolvency of the exchange include the Japanese exchange Mt Gox in 2014 and the largest exchange in Canada (QuadrigaCX) in 2019. The Quadriga CX example is remarkable, involving the presumed death of the founder of the exchange and the disappearance of USD 190 million in cryptocurrency.
How do exchanges “hold” cryptocurrency for users?
It appears that there are basically two ways in which an exchange can “hold” cryptocurrency for a user:
- The “earmarked holding” model: The user buys cryptocurrency using the exchange. When processing that purchase, the exchange specifically earmarks (as being held for that user) the wallets holding the private and public keys that need to be accessed to deal with that cryptocurrency on the public blockchain. This model may or may not involve the user having the ability to initiate a transaction on the public blockchain by using an online wallet hosted by the exchange. Even if it does give the user this ability, the crucial point is that the wallets may also be accessed by the exchange. The exchange will provide the user with an application interface to manage, and track the value of, the cryptocurrency that can be accessed using the keys held in the wallets earmarked to the user. The user uses the application interface to instruct the exchange how to deal with the wallets.
- The “pooled holding” model: The user buys cryptocurrency using the exchange. The exchange maintains a record (let us call it an “account”) of the user’s cryptocurrency entitlements. The exchange does not earmark any particular wallets as being held for that user or any other user. Quite confusingly, however, the application interface made available to the user may be very similar to that provided to a user under the “earmarked holding” model.
The following points need to be made:
- The dominant holding model today appears to be the “pooled holding” model, whereas five years ago the “earmarked holding” model seems to have been quite common.
- In many instances, exchanges’ terms and conditions do not make it clear whether they adopt the “earmarked holding” model or the “pooled holding” model. Users often assume that exchanges adopt the “earmarked holding” model whereas industry insiders appear to assume that exchanges almost invariably adopt the “pooled holding” model.
- A particular exchange may adopt both models: for example, ‘pooled holdings” for normal users and “earmarked holdings” – with or without online wallets that are accessible by the user – for high value users who are provided with additional services.
- To mitigate hacking risks, an exchange often places the majority of the wallets that it holds in “cold storage” as distinct from “hot storage”. Hot storage is where the wallets – including the public/private key pairs – are stored in physical media connected to the Internet. Cold storage is where the public/private key pairs in the wallets are generated and stored in physical media (computers, paper) that are never connected to the Internet.
- As noted above, the “earmarked holding” model may or may not involve the user having the ability to initiate a transaction on the public blockchain by using an online wallet hosted by the exchange. If the user has that ability, that wallet will by definition have to be in hot storage. If the user does not have that ability, an exchange may in theory hold a cold wallet on behalf of a particular user. I am not sure how often this is actually done in practice. I suspect cold storage may be offered as part of an additional service offered to high value users. This means that the cold wallet holdings of an exchange do not always have to be held under the “pooled holding” model. They could be held under the “earmarked holding” model.
- Some legal commentators do not seem to distinguish between the “earmarked holding” model and the “pooled holding” model when analysing the legal characteristics of a user’s relationship with a cryptocurrency exchange. They conclude that under the “earmarked holding” model (and therefore presumably with even greater force under the “pooled holding” model) the relationship between the user and the exchange is contractual – in the nature of an account of some description – and not proprietary. This would have grave consequences for users if their exchange becomes insolvent. This is because they would be treated as unsecured creditors of the exchange, with no proprietary rights to any cryptocurrency that was held by the exchange when it went into external administration.
- Another legal commentator distinguishes between the “earmarked holding” model and the “pooled holding” model, and then concludes that under the “pooled holding” model (and therefore presumably with even greater force under the “earmarked holding” model) an exchange will hold the applicable balances on trust for its users. This conclusion is said to apply regardless of whether or not the terms and conditions of the exchange include an express declaration of trust by the exchange. Under this approach, the users would have proprietary rights to cryptocurrency held for them, entitling them to priority over the general body of unsecured creditors in any insolvency of their exchange.
- Other commentators treat the “earmarked holding” model as giving users proprietary rights against their exchange, whereas the “pooled holding” model gives users contractual – non-proprietary – rights only against their exchange.
- It has been suggested that if an exchange adopts the “earmarked holding” model and particular earmarked wallets are hacked, subject to any legal recourse against the exchange for failure to secure the wallets appropriately:
- the exchange would probably not have to reimburse the users whose earmarked wallets were hacked; and
- it would not be appropriate for the losses arising from the hacking to be spread across all of the exchange’s users, including the users whose earmarked wallets were not hacked. 
As is evident from the above summary, the correct legal characterisation of a user’s relationship with a cryptocurrency exchange is contested and uncertain. This is not surprising. The technology is new. The most fundamental questions about the legal nature of a direct holding in cryptocurrency (let alone an indirect holding through an exchange) have yet to be authoritatively answered. For now, I suggest that lawyers should take the following approach:
- In order to understand the legal nature of a user’s indirect holding of cryptocurrency via an exchange it is first necessary to understand the legal nature of a direct holding in cryptocurrency, noting that the exchange will have a direct holding.
- The legal nature of a direct holding cannot be formulated in the abstract to apply generally. Context is all-important. It is possible to conclude provisionally that a direct holding of cryptocurrency is “property” in the context of, say, being capable of being:
- held on trust; 
- the subject of an interim proprietary injunction;
- encumbered by a security interest;  or
- the property of an insolvent individual or company for the purposes of insolvency legislation,
based on the view that the relevant “property” right of a direct holder of particular amounts of cryptocurrency is her right to have the public addresses or public keys (associated with the private keys exclusively known and controlled by her) appear as the last entry in the blockchain in relation to those amounts.
- Under both the “earmarked holding” and “pooled holding” models, it may be possible for the exchange to be constituted as a trustee for the users in relation to cryptocurrency held for them, for the purposes of giving those users proprietary rights against the exchange. But a trust will not necessarily exist in every instance: that will depend on surrounding circumstances like the terms and conditions of the exchange and how the exchange is promoted.
- The use of the “earmarked holding” model will not necessarily mean that there is a trust or some other form of proprietary relationship between the exchange and the user, nor will the use of the “pooled holding” model necessarily mean that there is a contractual debtor/creditor relationship between the exchange and the user.
- In one sense, cryptocurrencies like bitcoin and ethereum are not fungible. This is because every public key and address on a cryptocurrency blockchain records an entitlement that is unique, in the sense that it is “uniquely identifiable as the latest output of a chain of traceable transactions which connect it back to the original output on the system when the [value or “coin”] was first mined.” Nonetheless, cryptocurrency protocols generally aim to ensure that, as far as possible, cryptocurrency is treated as interchangeable, i.e. fungible. As a result, it appears that the requirement for certainty of subject matter of a trust can be satisfied, and a valid trust is capable of being created, over an amount of cryptocurrency held by an exchange for a user, even though that amount is part of an undifferentiated larger amount of that cryptocurrency that is held by the exchange.
- Even if an exchange is found to hold cryptocurrency on trust for users (thereby trumping the rights of the general body of unsecured creditors of the exchange) difficult issues will arise where there is a shortfall in the insolvent exchange’s holdings of cryptocurrency. A Court will have to decide how the available cryptocurrency is to be apportioned amongst the users who are entitled to it: will the available cryptocurrency be apportioned rateably amongst the affected users or will a “first in, first out” approach be used? Further, what is the significance of the cryptocurrency being held on an “earmarked holding” basis as opposed to a “pooled holding” basis? I have suggested that a trust is able to arise in either instance, but the manner of holding – providing evidence of actual asset segregation where there are earmarked holdings- will most likely have an impact on the tracing process. All these questions, and many more, will have to be worked out over time.
 N Popper, Digital Gold: The Untold Story of Bitcoin, 2015, pp 19-24.
 Possibly up to 99% of the transactions occur “off-chain”: see M Summerville, ‘Crypto Trading: Platforms Target Institutional Market’ (TABB Group, 5 April 2018) at https://research.tabbgroup.com/report/v16-013-crypto-trading-platforms-target-institutional-market, cited in M Solinas, ‘Bitcoiners in Wonderland: Lessons from the Cheshire Cat’  Lloyd’s Maritime and Commercial Law Quarterly 433 at 434, 447, also see 452-456.
 W Suberg, ‘Exchanges Hold More Bitcoin Than Ever as Coinbase Wallet Nears 1M BTC’ Coin Telegraph, 24 January 2020, https://cointelegraph.com/news/exchanges-hold-more-bitcoin-than-ever-as-coinbase-wallet-nears-1m-btc, accessed on 3 February 2020.
 Australian Senate Economics References Committee Report, Digital Currency – Game Changer or Bit Player (2015) 4-5 , available at http://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Economics/Digital_currency/Report/ accessed on 3 February 2020.
 The text associated with nn 5-8 is adapted from D Kreltszheim, ‘Taking and Enforcing Security Over Cryptocurrency’ (2018) 34 Australian Banking & Finance Law Bulletin 105 at 105-106.
 See S Singh, The Code Book: The Secret History of Codes and Code-Breaking (1999), 270.
 When perfected, quantum computing will be the end of public key cryptography as we know it today, but that day is still a while away.
 D Kreltszheim , above n 5, at 105-106.
 The author would like to thank Mr Rory Manchee of Brave New Coin for his comments on a draft of this article (including this section in particular), without thereby implying that his comments were made in any official capacity or that he necessarily supports any of the author’s conclusions.
 See https://www.finder.com.au/otc-cryptocurrency-trading accessed on 3 February 2020.
: See https://www.coinbase.com/legal/user_agreement accessed on 3 February 2020.
 For example, see Elbaite at https://www.elbaite.io/ accessed on 3 February 2020.
 For an extensive list, see Finder “Cryptocurrency Exchange Finder” (3 February 2020), https://www.finder.com.au/cryptocurrency/exchanges
 See https://www.finder.com.au/otc-cryptocurrency-trading accessed on 3 February 2020.
 My thanks to Mr Moresh Kokane of Konkrete and Mr Rory Manchee of Brave New Coin for their insights in relation to “de fi” platforms. Any errors, however, are mine alone.
 For example, see https://makerdao.com (accessed on 3 February 2020).
 See the Australian Senate Economics References Committee Report, above n 4, paragraph 2.16.
 Australian Securities & Investments Commission, Information Sheet INFO 225, “Initial Coin Offerings and Crypto-Assets” (30 May 2019 Update), Part C available at https://asic.gov.au/regulatory-resources/digital-transformation/initial-coin-offerings-and-crypto-assets/ accessed on 3 February 2020.
 Where trades are settled instantly, as opposed to futures trading, where the buyer and seller agree to sell at a future date at a given price.
 Corporations Act 2001(Cth), section 766D.
 Corporations Act 2001(Cth), section 767A.
 Corporations Act 2001 (Cth), section 768A.
 Corporations Act 2001 (Cth), section 761D.
 Corporations Act 2001 (Cth), section 763D.
 Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), section 6(1), Table 1, item 50A.
 Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), section 6(6).
 Australian Senate Economics References Committee, above n 4, paragraph 6.35 to 6.37.
 Australian Senate Economics References Committee, above n 4, paragraphs 6.3 to 6.17.
 As noted by ASIC, “automated trading dominates the Australian equity markets and FX electronic platforms. Natural investors, risk managers and professional facilitators have embraced the use of algorithms within their executing businesses”: see Australian Securities & Investments Commission, Report 597: High-Frequency Trading in Australian Equities and the Australian–US dollar Cross Rate (November 2018), paragraph 6, available at https://download.asic.gov.au/media/4938274/rep597-published-15-november-2018.pdf accessed on 3 February 2020.
  SGHC (I) 03. Judgment handed down in March 2019, appeal heard in October 2019, decision pending as at 3 February 2020. The judgment of the Court of Appeal was handed down after this article was first submitted for publication so there are only very limited references to it in this article.
 See the discussion in K Low and E Mik, “Unpicking a Fin(e)tech Mess: Can Old Doctrines Cope in the 21st Century?” Oxford Business Law Blog, available at https://www.law.ox.ac.uk/business-law-blog/blog/2019/11/unpicking-finetech-mess-can-old-doctrines-cope-21st-century accessed on 3 February 2020; V Ooi and KP Soh, “Cryptocurrencies and Code before the Courts” (2019) 30 Kings Law Journal 331, available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3439306 accessed on 3 February 2020.
  SGHC (I) 03, at paras  and .
  SGHC (I) 03, at para .
  SGHC (I) 03, at para .
  SGHC (I) 03, at paras  and  (first instance);  SGCA (I) 02, at paras  to  (majority of the Court of Appeal).
  SGHC (I) 03, at paras  to  (first instance);  SGCA (I) 02, at paras  to  (majority of the Court of Appeal).
  SGHC (I) 03, at paras  to (first instance);  SGCA (I) 02, para  (majority of the Court of Appeal).
 See K Low and E Mik, above n 26.
 Ibid. Also see the comments of Jonathan Mance IJ (in dissent) in the Court of Appeal  SGCA (I) 02, at para . But compare the comments of the majority of the Court of Appeal at  SGCA (I) 02, at paras  to .
 As noted above, the judgment of the Court of Appeal was handed down after this article was initially submitted for publication so there are only very limited references to it in this article.
 K FK Low and E Mik, “Pause the Blockchain Revolution” (2020) 69 International & Commercial Law Quarterly) 135, available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3439918 accessed on 3 February 2020.
 See n 25 above.
 See n 56 below.
 See Elena Vorotyntseva v Money-4 Limited Trading as Nebeus.com and others  EWHC 2596 (freezing order against exchange and its controllers where applicant allegedly provided exchange with 293.64583085 bitcoin and 400.39984802 ether, collectively worth £1.5 million at the time of the application in August 2018); Liam David Robertson v Persons Unknown (Unreported, 15 July 2019) (claimant allegedly sent 100 bitcoin to a fraudster, who sent 80 bitcoin to the second defendant who held that bitcoin in a wallet provided by the third and fourth defendants, who operated a UK-based bitcoin exchange); AA v Persons Unknown, iFinex trading as Bitfinex, BFXWW Inc trading as Bitfinex  EWHC 3556, decided on 13 December 2019, published on 17 January 2020 (interim proprietary injunction obtained by insurer who had traced a cyber attack ransom paid in bitcoin to public addresses apparently connected with the Hong Kong-based exchange Bitfinex).
 See T Copeland, “The Complete Story of the QuadrigaCX $190 Million Scandal” Decrypt, 13 March 2019, updated on 16 December 2019, available at https://decrypt.co/5853/complete-story-quadrigacx-190-million accessed on 3 February 2020.
 This is not a term of art. It originally meant an owner’s mark on an animal’s ear; it is used as a verb to denote setting something aside, intend, for a particular purpose: Chambers English Dictionary (1990).
 A wallet is not a physical thing. It is software that manages private/public key pairs that need to be accessed in order to “spend” value that is available on the relevant cryptocurrency blockchain: see A Narayanan, J Bonneau, E Felton, A Miller and S Goldfeder, Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction (2015), 77-79; A Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies (2015), 86-109. For an explanation of public and private keys, see nn 5 to 8 above.
 This is why this method is different from the “direct holding” model explained in the text associated with n 8 above.
 See R Anderson, I Shumailov, M Ahmed and A Reitmann, “Bitcoin Redux” (2018) Cambridge University Computer Laboratory, available at https://weis2018.econinfosec.org/wp-content/uploads/sites/5/2018/05/WEIS_2018_paper_38.pdf accessed on 3 February 2020.
 See the description of online wallets in A Narayanan and others, above n 42, 88.
 See R Anderson and others, above n 44.
 A Antonopoulos, above n 42, 237; A Narayanan and others, above n 42, 76-79.
 See the text associated with n 43 above.
 D Fox, “Cryptocurrencies in the Common Law of Property” in D Fox and S Green (eds) Cryptocurrencies in Public and Private Law (2019) 139, 150; C Hare, “Cryptocurrencies and Banking Law: Are There Lessons to Learn?” in D Fox and S Green (eds) Cryptocurrencies in Public and Private Law (2019) 229, 236-237.
 See D Fox, above n 49, 150; C Hare, above n 49, 238. My view is different: see the text associated with n 62 below.
 See M Solinas, above n 2, 447.
 Id, 448-449. My view is different: see the text associated with n 63 below.
 Id, 448.
 See R Anderson and others, above n 44, 13-14, 28. My view is different: see the text associated with n 64 below.
 As was the case in the August 2016 hack of the Hong-Kong based exchange Bitfinex, which led to the theft of 119,756 bitcoins (worth over USD 900 million at late January 2020 conversion rates).
 See I Kaminska, “Day Three Post Bitfinex Hack: Bitcoin Bailouts, Liabilities and Hard Forks”, Financial Times (5 August 2016) available at https://ftalphaville.ft.com/2016/08/05/2171910/day-three-post-bitfinex-hack-bitcoin-bailouts-liabilities-and-hard-forks/ accessed on 3 February 2020. But it appears that the losses may indeed have been spread across all of the exchange’s users: see Clare Baldwin, “Bitfinex Says Expects ‘Socialized Loss’ for $72 million Bitcoin Hack”, Reuters (6 August 2016), available at https://www.businessinsider.com/r-bitfinex-says-expects-socialized-loss-for-72-million-bitcoin-hack-2016-8/?r=AU&IR=T accessed on 3 February 2020. The issue of loss allocation between users is discussed further below.
 See D Kreltszheim, above n 5, 106. Also see the UK LawTech Delivery Panel’s UK Jurisdiction Taskforce, Legal Statement on Cryptoassets and Smart Contracts (2019) paragraphs 15, 35-41, 85 (hereafter “LawTech Delivery Panel Statement”), available at https://technation.io/about-us/lawtech-panel/ accessed on 3 February 2020. I am indebted to Gregory Clayton and Paul Agnew of Cornwalls for bringing the LawTech Delivery Panel Statement to my attention.
 B2C2 v Quoine  SGHC(I) 03 at para . The Court of Appeal in this case left the issue open for another day because it found that there was no certainty of intention to create a trust in any event:  SGCA (I) 02, at paras  and .
 See AA v Persons Unknown, iFinex trading as Bitfinex, BFXWW Inc trading as Bitfinex  EWHC 3556, decided on 13 December 2019, published on 17 January 2020.
 See D Kreltszheim, above n 5, 107; LawTech Delivery Panel, above n 57, paragraphs 36, 100-106.
 See D Kreltszheim, above n 5, 107-108; LawTech Delivery Panel, above n 57, paragraphs 36, 37, 107-109.
 See K FK Low and E GS Teo, “Bitcoins and Other Cryptocurrencies as Property?” (2017) 9(2) Law, Innovation and Technology 235, 248, 252-254; D Fox, above n 49, 143-145, 147-148, 154-155; LawTech Delivery Panel Statement, above n 57, paragraphs 63-65; M Solinas, above n 2, 440.
 Contrast the view of the commentators cited in n 50 above.
 Contrast the view of the commentator cited in n 52 above.
 Contrast the view of the commentators cited in n 54 above.
 See D Fox, above n 49, 147.
 See White v Shortall  FLR 254,  NSW SC 1379 at paras  to . This case criticised the reasoning in the English case of Hunter v Moss  1 WLR 934 but nonetheless made a comparable finding for different reasons. Other authorities are cited by M Solinas, above n 2, 448-449.
 See the text associated with n 62 above.