Catch Me if You Can: Are Crypto-Fraudsters One Too Many Steps Ahead of the Law?

By Keith Oliver, Partner, and Amalia Neenan, Legal Researcher at Peters & Peters 


Based on a true story, the 2002 Spielberg masterpiece Catch Me If You Can is a thrilling game of cat and mouse between Tom Hanks’ FBI Agent, Carl Hanratty in his never-ending pursuit of Leonardo DiCaprio’s ingenious teenage con-man, Frank Abagnale Jr., who became one of the US’s most prolific fraudsters by the time he was 22 years old.

Always in view, but never in reach, Abagnale expertly stays a tantalizing three steps ahead of his chasers. The same can be said of today’s crypto-fraudsters, who leave in their wake a trail of devastation with no means to catch them. Or so it seems.

Mo Crypto Mo Problems

The slew of high profile crypto-frauds that have permeated the media, show that this type of crime is significantly on the rise. Cryptocurrency security firm CipherTrace, report that $1.2 billion has been stolen through various cryptocurrency-based frauds in just the first quarter of 2019, $356 million of which was exclusively looted through exchange hackings.

Exchange hacking is the crypto-fraud du jure, with high profile scandals such as the $32.3 million hack of Japanese exchange Bitpoint and the ever-evolving mystery surrounding QuadrigaCX. In the latter example, over 115,000 investors have been left staring into a crypto-abyss, after the 30-year-old founder of Canada’s largest cryptocurrency exchange, unexpectedly (and purportedly) died last December, sealing off any and all access to over £145 million (over $180 million) worth of cryptocurrency.

The founder and CEO was the only custodian of the password and recovery key to the cold wallet used to store the currency. After entering into creditor protection in Nova Scotia in January 2019, court appointed auditors Ernst & Young traced transactions via the blockchain, to determine that the wallet in question had been emptied five months prior to Cotton’s supposed death.

The plot thickened when it was discovered that much like Frank Abagnale Jr., Mr. Cotton had himself assumed another identity to funnel over $200 million of customer funds out of the exchange for personal use.

With the name ‘Chris Markey’, Cotton fashioned fake accounts on Quadriga, falsified their credit amounts with non-existent fiat currency, and used that to fraudulently purchase cryptocurrencies from his customers.

Clearly, the march of tech is outpacing the law. The latest virtual currency phenomenon is now targeting children, through the online gaming platform Fortnite: Battle Royal. Here, players battle it out in a simulated Hunger Games-esque set up. The game uses digital currency, V-bucks, to purchase weaponry to kill other players - virtually of course! And this is a big deal.

This year’s World Cup, saw a 15-year-old win $2.25 million after finishing in second place. With the potential to win serious money, and the relatively lax restrictions on player eligibility, one can only wonder how long it will be before V-bucks are manipulated by nefarious actors, seeking to hijack the system for illicit means. Let’s hope the prize money is in ‘real’ banknotes!

Tools for the Future?

What then can be done to curtail this rampant criminality? The first issue is ‘whom to sue?’ In the fiat currency sphere, it’s simple enough to go to your bank, alert them of the fraud and work towards reparation. With crypto, things are never that simple.

Due to anonymization and the lack of third-party intermediaries who could be slapped with court orders to provide account holder information, there is little personal data available. How then do you sue when you don’t know precisely who is or are to be the defendants?

Thankfully, the UK courts may offer a solution. Whilst not a crypto-case per se, the recent judgment in CMOC Sales & Marketing Limited v Person Unknown and others [2018] EWHC 2230, could, with a few digital upgrades, cross-apply in the crypto-sphere.

law-1991004_1920.jpgSource: Pixabay.com

The case concerned an alleged fraud, committed by persons unknown infiltrating the email account of a senior official at a company and using it to order the fraudulent transfer of £6.3 million ($7.8 million) from the company’s account.

Worldwide Freezing Orders and Disclosure Orders were granted to enable the claimants to put together a financial picture of who might be responsible. These tools are seamlessly transferable to crypto-fraud cases, where it would be relatively simple to impose a WWFO against the wallet holder identified by their activity in the blockchain.

Yet in terms of specific crypto remedies, the law may still be lagging. The key problem relates to definitional discrepancies on how to class cryptoassets, which in turn impacts the remedial actions available to victims. The UK has no formalised regulatory definition, however HMRC has recently suggested that for the purposes of Inheritance Tax, cryptoassets are property.

If this is the case, a wealth of Confiscation and Restraint Orders obtainable under The Proceeds of Crime Act 2002 (POCA), may be effective if crypto falls within the section 84(1) definition of realizable property.

This was successfully tested in R v Teresko (11 October 2017, unreported), where an order under s41(7) of POCA was sought to grant the conversion of £1.25 million ($1.55 million) worth of Bitcoin into sterling, after it was seized from a convicted money launderer and drug dealer who was using the tech to conceal the profits of his criminal activities.

There is still a way to go however. Catch Me if you Can ends with Hanks finally outsmarting DiCaprio, having become attuned to his modus operandi and movements. Comparatively, the law is still embryonic in its response to the burgeoning area of crypto-fraud and is largely playing catch-up.

We are having to supplant our knowledge of how to act when ‘traditional bad guys’ have stolen ‘traditional money’. Therefore, the law needs to take a leaf out of the Spielberg playbook, supercharging our existing orders by underpinning them with a comprehensive regulatory framework and ramping up efforts to meet the threat head on.

Anyone favor a return to the days of bartering? Jon Snow never had these problems, and the strength of the Iron Throne was secured by gold. Never forget the brilliance of James Bond / Ian Fleming’s ‘Goldfinger’ in 1964 with the last-minute failure to make Fort Knox’s garrison of gold radioactive for hundreds of years. And that was before the Internet!