The Story Behind Hong Kong’s First Crypto-Litigation (Part 2): Technical Issues
Whilst the Plaintiffs in HCA 1980 of 2015 ultimately decided to pay the Defendant’s full costs and discontinue the case before making it to trial (i.e. a surrender, not a settlement), the significance of technical issues raised in this case (though not adjudicated upon) cannot be overlooked.
This article will therefore explore the technical points that was raised by the Defence which also highlights the importance of technical proficiency (for lawyers) in the information age.
Background of the Plaintiff’s Allegations
The way that the Plaintiff’s solicitors presented the Plaintiff’s case was simple. The Plaintiff (the major Bitcoin Mining Company in the PRC) alleged that on 12 June 2015, the Plaintiffs entered into an agreement with a third-party for the sale and purchase of 500 Bitcoins after which the Third-Party’s Wallet Address was provided.
Later that evening, the Plaintiff’s employee, in the comfort of her own home, alleged that she correctly “copied and pasted” the said wallet address from an email from the Third-Party when using the Defendant’s exchange. No attempt was made to check whether the correct wallet address was inputted during the course of the transaction.
It was later brought to the Plaintiff’s attention (after the transaction) that their 500 Bitcoins ended up at a different (allegedly unintended) address. The Plaintiff attempted prove their case by showing that according to the “auto-fill” of the Plaintiff’s Google Chrome account, the correct wallet address was shown. Accordingly, the Plaintiff alleged the cause of the bitcoins ending up in the wrong address must be the result of a hack.
An interesting fact is that during the pre-action stage, the Plaintiff has put on record their account of events during which the Plaintiff somehow mis-copied the third-party’s wallet address. This error was subsequently transcribed into the pleadings and remained unnoticed (by both the Plaintiff and the Plaintiff’s Solicitors) until the Defence pointed it out during the interlocutory stage.
The Defence team, with their own IT specialists, was able to discover this error upon examination of the transaction records on the Blockchain.
Technical Issues Raised by the Defence
Due to the history of the Plaintiff’s repeated failure to correctly state the relevant wallet address in court documents, one of the first issues raised was that it was the Plaintiff’s staff who did not properly copy and paste the correct wallet address while conducting the transaction. This theory is further supported by numerous court documents of which the Plaintiff verified yet failed to notice such error which was a critical fact (i.e. stating the correct address).
Furthermore, it was also pointed out by the Defence that the Plaintiff had turned on various data autofill/optimization tools which would interfere and/or overwrite and/or compromise the Plaintiff’s data input process. It is noteworthy that by this point, this assertion was difficult to counter as the Plaintiff’s legal team has adduced such evidence themselves (i.e. via pleadings and affirmations).
Issues of human error aside, the evidence presented by the Plaintiffs further highlighted the fact that the most basic of IT Security practice appears to have been neglected in that the Plaintiff admitted the use of Google Chrome Browser (a browser that was banned in the PRC) was used to perform the transaction (hence the illegal use of VPN is implied). Thus, the Defence was able to further raise that even if there was any hacking (which was denied), the likely point of attack would have been the Plaintiff’s IT system (keeping in mind the transaction was performed in a residence of the Plaintiff’s staff – not the Plaintiff’s office).
The Plaintiff’s case was only further derailed when (with server data to support) it was advanced by the Defence that the Plaintiff’s transaction was locally verified via a SMS Verification Code Protocol, meaning, the entire input process was verified by the Plaintiff putting into doubt of the Plaintiff’s case.
Take Away Points
In short, the Defence was able to virtually take apart the Plaintiff’s case using the Plaintiff’s own evidence. This case servers as a stark reminder that:
1. ‘Copy-and-Paste’ and ‘Auto-Fill’ tools are Dangerous (for both the lay-client and solicitors)! Though this invention has made lives of countless human beings easier, this case highlights the need for technical diligence is ever more important. This is especially true for cryptocurrency transaction as the manual typing of wallet addresses are simply too tedious for most people.
2. It is also Critical for Lawyers to Understand how Technology Functions. The way that the Plaintiff went about proofing their case only highlighted their own potential negligence during the transaction. The Plaintiff’s legal team has simply adduced far too much detrimental evidence of which, had they understood the implications of such evidence (on an IT level), the Plaintiff might have thought twice before adducing the same.
3. The Beauty of Blockchain Technology. The Plaintiff’s entire transaction here was captured on the Blockchain. Basic knowledge of its use by the Defence was hence instrumental.
Editor’s Note: This piece is a follow-up to the Industry Insights article, “The Duty of Full and Frank Diligence in Ex-parte Applications,” published on P.52 of the Hong Kong Lawyer’s August 2018 issue.
This article was co-authored by Joshua Chu from ONC Lawyers, and it first appeared in The Law Society of Hong Kong. Read the original article here: http://www.hk-lawyer.org/content/2020-review-2021-outlook-crypto-markets-around-world.