Blockchain technology has developed by operating autonomously, outside of the jurisdiction of any state. By its design, a blockchain does not require any traditional legal instruments (like those in contract law) or intermediaries in order to transfer crypto assets between users through blockchain applications worldwide (as well as to buy, sell, lend, borrow, deposit assets for staking, etc.). Enforcement of these relationships is done automatically by achieving consensus or by executing smart contracts when pre-defined code rules are met. However, while operating alongside legal systems, the blockchain intersects with them and produces legal consequences for crypto users in their daily reality. One of the key aspects here is the ownership of crypto assets.
Crypto assets can be held, used, and disposed of. These properties de-facto give bitcoin a character of personal property (it is intangible as it does not have any physical presence). In traditional terms of private law, a property can be acquired in the ways specified in the national laws (e.g., by possession, agreement, and prescription). In the case of blockchains, the concept of private keys (a form of cryptography) has been put in the first place where the transfer of crypto assets does not depend on any legal rules. Whoever has a private key fully controls his or her cryptocurrency stored in a corresponding public address.
When new crypto coins have been minted (first issued), they go to a public address of their first possessor, and the latter acquires the right of ownership to them. His private key is prima facie evidence of the ownership.
A person can acquire crypto assets that have already been transacted before the acquisition. While within the legal framework, the transfer of ownership is mainly performed by agreement on behalf of the legal owner. In a blockchain, the transfer is done through a digital signature generated by applying the private key. The digital signature is used to prove that the sender owns the private key without revealing it, and ensures that the transaction cannot be modified once broadcast to the network. In such a case, a third party, who receives crypto assets to his public address, becomes the new owner (provided he has the private key to this address). Meanwhile, the funds leave the control of the sender and go over to the recipient.
Sometimes a crypto owner transfers his crypto assets to a wallet of a third party without the intention of disposing of them and discontinuing his ownership, as in the case of the transfer to a custodian crypto wallet (e.g., a CEX) where the owner relies on the third party that the latter will return his assets.
But what if circumstances go against the will of the initial owner who has transferred his funds, for instance?
- The custodian wallet is hacked and is not able to return funds to its customers;
- The person transfers his assets by mistake or by fraud;
- The person, by the fraudulent conduct of a third party, reveals his private key, and the latter further steals his crypto assets.
Such situations raise questions concerning a change in ownership (whether a malefactor or an unjustified enriched person becomes a new owner of the crypto assets) and the possibility of reversing the transfer. Under the law, the property owner has a set of legally enforceable rights (e.g., a transaction can be declared null). In relation to a blockchain, it is difficult to enforce any similar rights because of many issues with which law enforcement bodies may face. For instance, once confirmed by a blockchain network, a transaction is valid, irrevocable, and stored in a distributed immutable ledger. Therefore, even though the hacker illegally obtains crypto assets, he can dispose of them (unless most nodes vote for a hard fork to make this transaction invalid, which is an extraordinary situation).
Things do not seem simpler from a legal point of view, either. Unless unified on a supranational level, the private law is a national matter of every state which may each treat cryptocurrency differently (e.g., as commodities, property, securities, money). Besides, to seek judicial protection, the owner of crypto assets may be required to prove that he has obtained his rights to the assets under the applicable laws and/or he originally got the assets from a ‘legal owner.’ Such examination to determine a cryptocurrency’s legal ownership might be quite complicated given the pseudonymous character of blockchains’ public addresses. The identification might even be impossible if transactions are performed with privacy oriented cryptocurrencies or even privacy hosted blockchains, such as the Secret Network or the Incognito Network, which make them fully confidential and untraceable.
We can find some approaches to the enforcement of cryptocurrency owners’ rights in the relevant jurisprudence accumulated in the last several years. For instance, in 2019 the English Court clarified bitcoin’s status as property, assisting affected parties to get back their crypto assets which were unlawfully obtained by third parties. In AA v Persons Unknown & Ors, Re Bitcoin EWHC 3556 (Comm), using special software, the affected party was able to figure out cyber attackers’ movements with the misappropriated bitcoins and applied to the court for an interim proprietary injunction over these bitcoins held in the attacker’s account on Bitfinex, a cryptocurrency exchange. The Court upheld the applicant’s application, deciding that “cryptocurrencies are a form of property capable of being the subject of a proprietary injunction.” The Court took a similar position in Robertson v Persons Unknown, unreported, CL-2019–000444, where an asset preservation order was granted over bitcoins transferred in error. According to this case, Mr. Robertson received a fraudulent email which prompted him to send 100 bitcoins to the fraudster. Later, 80 of those bitcoins were traced to a wallet held at Coinbase (in the UK). In view of this, Mr. Robertson claimed to return the bitcoins’ value, as it constituted unjust enrichment on behalf of those Persons Unknown.
It should be noted that in the aforementioned cases, the stolen assets were found in the wallets of the custodians (the crypto exchanges), who generally exercised real control of their customers’ assets and, because of their centralized nature, could freeze the assets or provide customer data (due to KYC rules) if the authorities required it.
In relation to the decentralized blockchain networks, nowadays there are several legal approaches which attempt to comprehensively cover relations occurring in this sphere:
- Acknowledgement of new forms of ‘law’ (so-called ‘lex cryptographica’) where smart contracts and DAOs govern themselves while centralized authorities might not be able to control this sphere by existing means.
- Full or partial application of the private law’s rules and principles (or national law) to the blockchain’s operations.
- Acknowledgement of the blockchain as an autonomous order, at the same time, supplementing it, if needed, with a remedy as prescribed by identifiable national law . This approach seems to be more reasonable as it gives injured crypto owners an opportunity to obtain legal protection outside of the blockchain, without interference by lawyers through the blockchain’s self-sufficient ecosystem.
It may also happen that in the future, there will be no need to resort to legal enforcement, as new sophisticated blockchain solutions are developing. In this regard, it is worth noting VerusID. According to the Verus blog, VerusID is a crypto address with features of revocability, recoverability, and time-locking, which can be configured in such a way that “it’s very unlikely that coins will be stolen or lost” (for example, it is possible to associate the ID with another private key). Being created on the Verus network, this attribute may further be massively expanded throughout the network.
In conclusion, the practice has shown that within decentralized and pseudonymous systems, the mere possession of a private key (which can be subsequently protected by new technological solutions) should be considered sufficient to prove crypto assets’ ownership. Thus, a private key holder may be presumed to be the legitimate owner of the relevant crypto assets, unless otherwise proven, e.g., by providing additional evidence by the party challenging this right.