Hacked Coin Exchange: Mt Gox
James (not his real name) is a Bitcoin investor.
Back in 2014, James used Mt Gox, the world’s biggest coin exchange. He stored all his Bitcoins there.
Until one day, when Mr Lim woke up to find that Mt Gox had been hacked, and all of its Bitcoins were gone.
Mt Gox was a name that was known to many crypto investors. If you were a Bitcoin buyer, you would have heard of them.
Even Roger Ver, dubbed by many as the Bitcoin Jesus, had at one point said in a widely viewed YouTube video, Mt Gox is OK.
It Was July 2013.
“I’m Roger Ver, longtime Bitcoin advocate and investor,” said Roger, looking slightly off camera. “Today I’m in the Mt Gox world headquarters in Tokyo, Japan. I had a nice chat with Mt Gox CEO, Mark Karpeles, about their current situation. He showed me multiple bank statements, as well as letters from banks and lawyers. I’m sure that all the current withdrawal problems at Mt Gox are being caused by the traditional banking system. Not because of a lack of liquidity at Mt Gox.
“The traditional banking partners that Mt Gox needs to work with are not able to keep up with the demands of the growing Bitcoin economy. The dozens of people that make up the Mt Gox team are hard at work, establishing additional banking partners that will eventually make dealing with Mt Gox easier for all their customers around the world. For now, I hope that everyone will continue working on Bitcoin projects that will make the world a better place.”
Roger Ver had apparently been placating the nervous Bitcoin investors that their difficulties in withdrawing money was only momentary.
He was reassuring the general public that Mt Gox was OK.
Seven months later, Mt Gox was hacked.
In its wake, there were people who got burned pretty badly. And in Singapore, one 28-year old American CEO jumped to her death. Autumn Radtke had been the CEO of the virtual currency exchange, First Meta.
In the Mt Gox incident, 850,000 Bitcoins were stolen. 750,000 of those belonged to their clients.
At the time of the loss, one Bitcoin was selling at about USD$827.
Hacked Coin Exchange: Coincheck’s Missing NEM Coins (XEMs)
XEMs are the tokens of the NEM blockchain.
In late January 2018, about $543 million USD worth of XEMs were stolen from Coincheck, a Japan-based coin exchange.
The hacked coin exchange moved quickly to allay the worst fears of its clients. Coincheck announced that it would pay back the owners of the hacked NEM coins.
Apparently, a computer at Coincheck’s office had been infected by a virus via e-mail. It had become remotely controlled by the attacker, who used the private key of Coincheck’s computer to send out the NEM coins.
Coincheck’s operators felt responsible to pay back all their customers who had lost their NEM coins.
Not surprisingly, the announcement has led to an increase in the price of XEMs (the tokens of the NEM blockchain).
Hacked Coin Exchange: Legal Obligations
So what are the legal obligations of the coin exchange operators? Are they liable in any way for the tokens that have been stolen?
One of the basic problems that we face is the refusal of many state governments to recognise bitcoin, and other virtual currencies, as legal tender. The fact the bitcoin currency is not a legal lender doesn’t mean it’s illegal.
It’s just like, alcohol is haram in Islam, so it’s all right to destroy alcohol in classical Islam. Why destroy it?
The first question is often, are bitcoins worth anything?
If bitcoins are not worth anything, then, can a hacked coin exchange be held liable to compensate its customers?
But that question is highly misleading.
Because coin exchanges make money out of the trading of bitcoins, and other virtual coins (often called “altcoins”), they have already recognised the intrinsic value of those bitcoins.
Because they can put a dollar value to the bitcoins, it will not be fair to say, “bitcoins are not legal tender, so I don’t have to pay.”
The Real Question for Hacked Coin Exchanges
The real question should be, did the coin exchange promise to safeguard the bitcoins of its users?
Did the crypto exchange make any representation that the bitcoins would be safe on the web wallet? This is yet another good reason to hold your private keys.
When its customers and users used the coin exchange, for trading and deposit of virtual currency, did it display any disclaimer and warning to its users?
Most coin exchanges would accept a deposit of bitcoins because it means money to them.
They would not display on their front page, “Warning — you might lose all your Bitcoins by using this website”.
They dare not, because it means business for them.
And as business operators, they have an obligation to ensure that their code is safe and secure.
That means using HTTPS where possible. Using secure protocols where possible.
There is probably such a thing as negligence and failure to discharge duty, for coin exchange operators.
If they knew that something could be done, but they failed to do it — it’s negligence.
If they knew that something was important, and it was within reach — it’s a duty for them to carry it out.
The concept of duty of care is a basic one.
Every man has a duty of care to those around him.
Coin exchanges have a duty of care to their customers.
The coin exchange operator would know, that their customers are relying on them to keep the coin exchange safe.
They would know that nobody else but them can carry out the duties.
Maybe it would be a law in the future, but for now, it’s not.
But think of it this way. Would you put your money in the vault of a bank, if you were told that you could lose your money that very night?
You would probably reason with yourself that, “Hey, it’s a bank vault. It should be safe.”
So the duty of care is a two way road, in actual practice.
There is a duty of care because there is an expectation by the customer that the coin exchange would keep its coin exchange safe and secure.
And failure to keep those coins safe, can mean only one thing…
This article has been prepared for general information and the reading pleasure of the general public. While there are some nuggets of wisdom that are being shared, your case might be different. We invite you to contact a lawyer from our team for a consultation.