Cryptocurrency Theft Lawsuits Diminish Amid Rise in Cybercrime

In the aftermath of digital heists, legal relief remains scarce for victims suing cryptocurrency platforms and mobile service providers accused of inadequately safeguarding users’ assets, including crypto wallets and phone numbers.

Despite rising cybercrime, complaints blaming crypto theft on lax company security fell to a mere 11 cases in 2023 after peaking at 20 new cases a year earlier, according to an analysis of Bloomberg Law’s docket data. The primary reason for victims’ inability to find relief in court is private arbitration provisions saving the largest cryptocurrency exchanges and mobile providers from litigation, dockets show.

Arbitration and other contractual protections like liability caps are shielding these popular targets of crypto theft hacks—cryptocurrency exchanges including Coinbase Global Inc. and some of the country’s largest cellular operators—from costly legal decisions. Plaintiffs’ failure to gain traction with crypto-theft lawsuits points to a concerted and successful legal strategy adopted by the cryptocurrency industry in response to an onslaught of hacks and lawsuits in prior years, said Scott Wortman, a partner specializing in financial services defense litigation at Blank Rome LLP.

“We’re seeing a lot more legal sophistication amongst the cryptocurrency industry, and we typically see that with new and emerging technologies,” Wortman said. “The other aspect besides enforcing arbitration is putting caps on liability,” because until a few years ago crypto companies hadn’t established contractual protections “that were sophisticated enough to enforce.”

Crypto has been an especially popular financial target for hackers and ransomware attacks because it’s harder to trace than more traditional financial transactions using US currency. The diminishing lawsuits seeking monetary recovery dovetail with recent research revealing that while hacking incidents rose in 2023, the total value stolen from crypto exchanges fell by more than half in a year, according to blockchain analysis firm Chainalysis. Of the new lawsuits filed in 2022, only one remains active while seven were dismissed and eight pushed into arbitration.

Two of the suits filed last year were voluntarily dismissed but the other nine remain active. More than half allege a customer’s cryptocurrency was stolen via a scam called SIM swapping, in which hackers take over an individual’s phone number and use it to log into their accounts.

“Potentially you’re seeing an over-concentration in the publicly-filed litigation because remember, you’re just seeing publicly-filed litigation on the SIM-swap, because there’s somebody else to sue,” said Brenda Sharton, the global chair of Dechert LLP’s cybersecurity practice. That makes mobile service companies “attractive targets,” she added.

“If it’s phishing, who are you going to sue?” she said.

Legal Lessons

One possible explanation for the sudden drop-off may be that the plaintiffs’ bar hasn’t found crypto cases profitable, said Sterling Miller, CEO and senior counsel at Hilgers Graben PLLC.

Most crypto theft litigation has been filed by individual victims, with few class actions filed over elaborate, targeted hacking campaigns. Most of the complaints end up dismissed or sent to private arbitration before reaching monetary settlement. Juries are almost never involved, according to Bloomberg Law’s data.

In-house counsel should take note of the resolved litigation as examples of successful methods for killing cases and avoiding litigation on crypto theft, Miller said. General counsel should ensure their “terms and conditions have an arbitration provision and a no class action provision,” because courts generally uphold those, he said.

One of the few still-active class actions involves claims that Atomic Wallet’s lax cybersecurity protections enabled North Korean cybercriminals to steal over $100 million in funds from approximately 5,500 user wallets.

Avoiding lawsuits via arbitration also helps companies avoid public disclosures, from unwanted media attention to court records—companies facing certified class actions must notify state and federal regulators. These disclosures open “doors you want to remain closed no matter what,” said Wortman, who also advises clients on financial services regulation.

Wortman said one open question in case law is whether cryptocurrency qualifies as funds under the 1978 Electronic Funds Transfer Act, as he said district courts have issued diverging rulings in cases alleging violations of the law.

Cyber Defenses

Crypto theft peaked in 2022 as hackers stole an aggregate of $3.7 billion in funds, Chainalysis’ report found. In one of the year’s largest crypto cybersecurity incidents, hackers swiped approximately $600 million from gaming blockchain company Ronin.

“Most of the time these are common law claims of negligence, and these are very sophisticated threat actors,” Sharton said. “So you can have a state-of-the-art program and still get hacked.”

Despite crypto hacks intensifying in 2023, just $1.7 billion in funds was stolen, according to Chainalysis. This was likely due to a combination of bolstered platform security and the decreased value of widely-used tokens such as Bitcoin that year, Wortman said.

“The high profile compromises of exchanges and wallets brought several companies down due to lack of trust,” Ken Westin, the field chief information security officer at cyber threat detection firm Panther Labs, said in an email.

“There has been a lot more focus on securing crypto wallets after some of the large compromises of accounts,” he said.



National Cyber Security