In LMN v Bitflyer Holdings Inc and others  EWHC 2954 (Comm), the English High Court again demonstrated its willingness to exercise its broad powers to support victims of crypto-theft and fraud seeking recovery of their assets. The action was for information orders under the so-called Norwich Pharmacal and Bankers Trust jurisdiction. The court orders require foreign exchanges to provide LMN – a UK exchange – detailed customer information (including KYC information), in support of LMN’s efforts to recover $10.7 million worth of misappropriated cryptocurrency.
The action was brought by an operator of a crypto exchange based in the UK – LMN. LMN holds cryptocurrency in its own name and, in a manner analogous to conventional banking, owes a personal obligation to pay the relevant amount to each customer. A percentage of its cryptocurrency reserves is accessible via the internet through 'Hot Wallets'.
After hackers obtained access to LMN’s systems, they transferred some millions of dollars-worth of cryptocurrency from it. In the sequel, LMN instructed an expert to trace the cryptocurrency which had been transferred by the hackers. However, whenever the tracing reached an 'exchange address' the expert could not discover what became of the cryptocurrency thereafter. This is because 'exchange addresses' are addresses owned and operated by the exchange itself. Whilst such addresses tend to be associated with a particular customer, the actual crediting of cryptocurrency to the relevant customer's account takes place 'off-chain' (ie via an internal accounting exercise). Cryptocurrency received into an 'exchange address' will be often merged by the exchange into an 'omnibus wallet' which is used to service multiple customers' requests.
In the end, the expert managed to identify 26 recipient addresses, which were 'exchange addresses'.
LMN argued that, as all these addresses are 'exchange addresses', it is impossible to trace the cryptocurrency any further without information from the exchanges about the individuals behind the transactions. In the case of exchanges either operated by one of the Defendants or by an associated company, LMN had reason to believe that each collected know your client ('KYC') and anti-money laundering ('AML') information, and thus might be able to provide relevant information. On this basis it made a request for information against the Defendants.
The court came to the conclusion that the conditions for an information order under Norwich Pharmacal and Bankers Trust were met.
Accordingly, it ordered the foreign exchanges to provide LMN with the following information: “in respect of any customer account(s) which the Target Cryptocurrency [i.e. the misappropriated assets] was allocated to and/or received on behalf of: (a) the name the account is held in; (b) all ‘Know Your Customer’ information and documents provided in respect of the account(s); (c) any other information and documents held in relation to the account(s) which does (or which the relevant Defendant consider is likely to) identify the holder of the account(s), including email addresses, residential addresses, phone numbers and bank account details […]”
Further, the court directed the defendants to each provide to LMN, “to the best of the Defendant’s ability: (a) an explanation as to what has become of the Target Cryptocurrency […]; (b) the balance in the customer account referred to under sub-paragraph (a) above: (i) immediately before it was allocated and/or received the Target Cryptocurrency; and (ii) at the time of that Defendant’s response pursuant to this order”.
Overall, the judgment shows once again that English courts are willing to give the victims of crypto fraud assistance in recovering misappropriated funds. The flexibility of the English procedural law is certainly attractive for such victims.