Litigation: Civil

Subscribe to Litigation: Civil via RSS

According to a recent Bloomberg Law article [subscription required], in the past year there has been a sharp decline in active civil suits against cryptocurrency exchanges, digital wallet, mobile phone providers and others involving claims related to crypto hacking incidents or cybertheft, due, in part, to increased security protocols and

Way back (if we’re counting tech years) in 2014, artist Kevin McCoy (“McCoy”) created a digital record of his pulsating, octagon-shaped digital artwork Quantum on the Namecoin blockchain on May 2, 2014, thereby minting “the first NFT.” A lot has happened in the digital asset and NFT space since that

It is not unusual for users of a platform or of software to challenge the enforceability of a company’s terms of use if they take issue with the company’s product or service and decide to bring suit. As most terms of use contain an arbitration clause (or mandated dispute resolution process) and disclaimers of liability, the questions of user assent to and the overall enforceability of the terms of use become central issues early on in litigation. In each case, judges adjudicating legal challenges to site terms generally examine the circumstances behind the online contracting process closely – scrutinizing the user interface, the presentation of the terms and the reasonableness of the relevant provisions governing the transactions or online accounts at issue. In some instances, courts have ruled that online terms were unenforceable for a variety of reasons, often owing to the non-conspicuous presentation of the terms or that the terms themselves were in some way unconscionable or otherwise unenforceable. In one recent case, however, a federal judge in Georgia rejected a challenge brought by users of cryptocurrency exchange platform Coinbase Global, Inc. (“Coinbase”) and found Coinbase’s terms enforceable. (Kattula v. Coinbase Global, Inc., No. 22-3250 (N.D. Ga. July 6, 2023)).

In what appears to be an issue of first impression, a California district court ruled that various defendants allegedly holding governance tokens to the bZx DAO (or “Decentralized Autonomous Organization”), a protocol for tokenized margin trading and lending, could be deemed to be members of a “general partnership” under California law under the facts outlined in Plaintiffs’ complaint, and thus potentially joint and severally liable for negligence related to a phishing attack that resulted in the loss of users’ cryptocurrency. (Sarcuni v. bZx DAO, No. 22-618 (S.D. Cal. Mar. 27, 2023)). The ruling is significant given that this is purportedly the first court to substantively consider the legal status of a DAO under state law (albeit in a ruling on a motion to dismiss); interestingly, in a prior settlement the defendant bZeroX, LLC and its founders reached with the Commodity Futures Trading Commission (CFTC) in 2022 over claims that bZeroX and its founders unlawfully offered leveraged and margined retail commodity transactions in digital assets, the order expressly considered the bZx DAO (and its successor Ooki DAO, which is co-defendant in the instant action) as an “unincorporated association” under federal law. (In re bZeroX, LLC, CFTC No. 22-31 (Sept. 22, 2022)).

A DAO is a decentralized autonomous organization where token holders can vote on governance decisions of the DAO. DAOs don’t typically operate within a formal corporate structure, opting instead to distribute governance rights among persons who hold a specific governance token. The entire raison d’être of a DAO is to take advantage of web3 technologies and operate without a traditional corporate formation to make decisions without a central authority or usual top-down management structure. While DAOs are emerging as a viable structure in DeFi space, this ruling shows that their non-traditional makeup may not necessarily be a shield from real world liability.  Plaintiffs’ theory that the DAO members are part of a general partnership means that anyone holding governance tokens at the relevant time would be jointly and severally liable for the torts of the DAO.  To be sure, even though existing structures do not fit the novel web3 organizational primitive that is a DAO, nothing prevented the bZx DAO (or its successor Ooki DAO), from creating a so-called “legal wrapper” or real-world corporate entity to shield individual members from liability and limit potential creditors to monetary recovery from the DAO’s treasury only.

The organizers of an initial coin offering (ICO) recently won dismissal of an investor’s fraud claims by establishing that their public risk disclosures negated the investor’s claims of reliance on alleged misstatements.  The project, a video service provider’s ICO, was governed by a purchase agreement called a “Simple Agreement for Future Tokens” (“SAFT”).   The plaintiff investor later lost his entire investment as the token collapsed, allegedly due to the provider’s decision to scrap its initial plans for a decentralized platform and move to a permissioned blockchain (and also the provider’s choice to seek additional capital via a “Regulation A” public offering).  The New York court found that even if certain representations made by the issuer regarding the prospect of a decentralized network were actionable, the Plaintiff had not plausibly alleged  “reasonable reliance” on such representations in signing the SAFT. (Rostami v. Open Props, Inc., No. 22-03326 (S.D.N.Y. Jan. 9, 2023)).

This past month, a California district court granted a motion to compel arbitration of various claims by customers of cryptocurrency exchange platform, Coinbase Global, Inc. (“Coinbase”), finding that Coinbase’s User Agreement, which contains a broad arbitration provision, including a delegation clause that delegates questions of arbitrability to the arbitrator.  (Donovan v. Coinbase Global, Inc., No. 22-02826 (N.D. Cal. Jan. 6, 2023)). Unlike some electronic contracting disputes, which turn on whether the user had adequate notice of the terms and manifested consent to such terms (a ruling which often involves an examination of a site or app’s screen display and whether the user is reasonably presented with notice that completing a transaction will bind the user to terms of service), the account holders in this case did not dispute that they had agreed to the User Agreement, rather they argued that the arbitration provision and delegation clauses were unconscionable and unenforceable.

Customer lists held by providers and the personal information users enter to obtain digital wallets or set up crypto exchange accounts are enviable targets for hackers.  Such data can be used to launch targeted phishing schemes and related scams to trick holders into divulging their private keys or else unknowingly transferring anonymized crypto assets to hackers.  One recent case involves a suit brought by customers who purchased a hardware wallet to secure cryptocurrency assets and are seeking redress for harms they allegedly suffered following data breaches that exposed their personal information.

A recent Ninth Circuit decision analyzed whether a federal court had personal jurisdiction over a foreign crypto asset wallet provider, an issue that can be important when litigating in this area, given the boundary-less nature of the world of crypto assets and related services. (Baton v. Ledger SAS, No. 21-17036 (9th Cir. Dec. 1, 2022) (unpublished)). 

Background

The issue of fraudulent crypto-related mobile apps has received much attention of late.  Back in July 2022, the FBI issued a notice, warning financial institutions and investors about instances where criminals created spoofed cryptocurrency wallet apps to trick consumers and steal their cryptocurrency. There have also been reports of phishing websites that attempt to trick consumers into entering credentials, thereby enabling hackers to access victims’ crypto wallets. In response to these developments, Senator Sherrod Brown recently sent a letter to Apple, among others, expressing his concern about fraudulent cryptocurrency apps and asking for more information about the particulars of Apple’s process to review and approve crypto apps for inclusion in the App Store.

In a recent ruling, a California district court held that Apple, as operator of that App Store, was protected from liability for losses resulting from that type of fraudulent activity. (Diep v. Apple Inc., No. 21-10063 (N.D. Cal. Sept. 2, 2022)). This case is important in that, in a motion to dismiss, a platform provider was able to use both statutory and contractual protections to avoid liability for the acts of third party cyber criminals.