Trustless No More: Law Changes to Enhance Rights of Crypto Customers on an Exchange’s Insolvency
This article is published in the Australian Banking and Finance Law Bulletin.
Members of the crypto cognoscenti correctly note that crypto asset transactions on a public blockchain are “trustless”. That is, they can occur without the intervention of any trusted third party. But most average crypto users rely on centralised crypto exchanges and their transactions are therefore not “trustless”. On the contrary, those users are heavily dependent on the terms and conditions of their crypto exchange and how the exchange handles crypto assets in practice. Given the significant number of high-profile hacks and failures of centralised crypto exchanges, policymakers in Australia and internationally are in the process of imposing more prescriptive rules about how centralised exchanges handle crypto assets and what they can and cannot say in their terms and conditions. This article outlines the issues at stake and the possible direction of law reform in Australia in the next 12 to 18 months.
Introduction
There is a fundamental difference between a user (Alice) transacting with crypto assets directly on a blockchain and transacting via a centralised crypto asset exchange. Where Alice transacts herself directly on a blockchain, she will use the software protocol governing the blockchain to protect her crypto asset. How? Assuming Alice has kept her “private key” private, the application of that key demonstrates that the instructions to deal with her crypto asset on the blockchain were initiated by her and nobody else.[1] The private key is not a physical thing. It is simply information. As a result, it is similar to a PIN (personal identification number), the difference being that it is not a 4 or 6-digit number. Instead, it is a much longer string of numbers and letters. Therefore, it is most often stored on a hardware device (e.g. a laptop or USB stick) and applied by Alice when needed.
In contrast, when Alice transacts via a crypto asset exchange, alternative technical and legal characterisations are possible. The main alternatives can be summarised as follows.[2] As will be seen from the right-hand column of the table below, the legal position will most likely be contested and uncertain. In each case it will depend on surrounding circumstances like the terms and conditions of the exchange and how the centralised exchange promoted the particular service that was purchased by Alice.
No. | Technical Position | Legal Position |
---|---|---|
1 | “Earmarked Model”: Alice buys a crypto asset using a centralised exchange. When processing that purchase, the exchange specifically earmarks (as being held for Alice) the wallets holding the private and public keys that need to be accessed to deal with that cryptocurrency on the public blockchain. This model may or may not involve Alice having the ability to initiate a transaction on the public blockchain by using an online wallet hosted by the exchange. Even if it does give Alice this ability, the crucial point is that the wallets may also be accessed by the exchange. The exchange will provide Alice with an application interface to manage, and track the value of, the crypto assets that can be accessed using the keys held in the wallets earmarked to Alice. Alice uses the application interface to instruct the exchange how to deal with the wallets. | Alice may be the beneficiary of a trust in her favour, i.e. the exchange holds the crypto assets as trustee for Alice.[3] Alternatively, Alice may simply have contractual rights against the exchange. The answer will depend on surrounding circumstances like the terms and conditions of the exchange and how the exchange is promoted. If the “Earmarked Model” is used in conjunction with contractual provisions stating that the relationship between the exchange and Alice is a custodial one, i.e. that the exchange holds custody of the crypto asset for Alice, then it is more likely that the exchange holds the earmarked crypto assets on trust for Alice. |
2 | “Pooled Model”: Alice buys crypto assets using the centralised exchange. The exchange maintains a record (let us call it an “account”) of Alice’s crypto asset entitlements. The exchange does not earmark any particular wallets as being held for Alice or any other user. Quite confusingly, however, the application interface made available to Alice may be very similar to that provided to a user under the “earmarked holding” model. | Again, Alice may be the beneficiary of a trust in her favour, i.e. the exchange holds the crypto assets as trustee for Alice. Alternatively, Alice may simply have contractual rights against the exchange. Again, the answer will depend on surrounding circumstances like the terms and conditions of the exchange and how the exchange is promoted. |
If a centralised exchange is hacked or becomes insolvent, the question of whether Alice has proprietary rights in relation to crypto assets controlled by the exchange or just contractual rights against the exchange becomes very important. If Alice has contractual rights only, she is an unsecured creditor of the exchange, much in the same way as a bank’s customer is an unsecured creditor of the bank. Conversely, if Alice has proprietary rights to crypto assets controlled by the exchange, she will have priority over the general body of unsecured creditors in any insolvency of the exchange.
We must clarify what is meant by “proprietary rights” in this context. Exactly how is it that crypto assets may be owned and held on trust? Our working hypothesis is that crypto assets are capable of being subject to proprietary rights as a result of a user’s practical control of the private key that permits a state change of the relevant public blockchain. The user controls data objects which, although intangible, are comprised of more than pure information alone. They exist independently of persons and the legal system, i.e. they are “there in the world” and not just a legal construct. Further, they are rivalrous, i.e. their use by one person necessarily prejudices the ability of someone else to use them at the same time.[4]
Unpredictable results
The current position, as outlined in the Introduction, often leads to unpredictable results for users of centralised exchanges. Where an exchange is hacked or becomes insolvent, much time and money is spent in disputing whether or not users are secured creditors, by reference to the exact circumstances of the case, including the terms and conditions of the exchange and how the exchange promoted the particular service that was purchased by a user. This is particularly evident in the recent high-profile insolvency proceedings in the United States involving global centralised exchanges. The following extracts are telling:
The examiner’s final report in the Celsius Chapter 11 proceedings notes that:[6]
Celsius’s Terms of Use, which customers accepted by clicking their agreement when opening a Celsius account, also conflicted with what Celsius told its customers. In its marketing material and [weekly livestream conversation with customers], Celsius and its managers told customers that the crypto assets they deposited with Celsius were “your assets” and that the coins belonged to the customers. But Celsius’s Terms of Use stated from March 2020 forward that a customer transferred all “rights of ownership” in her crypto assets by depositing them in a Celsius account. Similarly, Mr. Mashinsky told customers that in the event of a bankruptcy they would get their coins back, while the Terms of Use told customers (starting in March 2020) that in the event of bankruptcy they may not be able “to recover or regain ownership” of their crypto assets.
There are several ongoing disputes in the Celsius insolvency. In addition to its other products, Celsius provided a custody service to users on the basis that all crypto assets held in custody by Celsius under that service “shall at all times remain with the [user]” and subject to an undertaking from Celsius that it would not “transfer, sell, loan or otherwise rehypothecate” crypto assets in custody unless “specifically instructed by [users], except as required by [law]”.[7] This is to be contrasted with the “earn accounts” held by other users, which have been found to constitute property of Celsius and not the relevant users.[8]
In relation to FTX, the United States Securities and Exchange Commission complaint against Sam Bankman-Fried alleges that:
FTX’s Terms of Service, which were publicly available on FTX’s website and accessible to investors, assured FTX customers that their assets were secure, providing: “you control the Digital Assets held in your Account;” “[t]itle to your Digital Assets shall at all times remain with you and shall not transfer to FTX;” and “none of the digital assets in your account are the property of, or shall or may be loaned to, FTX Trading.” Similarly, …FTX represented…that it “segregates customer assets from its own assets across our platforms.” …These statements to the public, customers and investors were false – FTX did not segregate its customer assets from its own assets, and, as events would later demonstrate, did not maintain liquidity to allow customer withdrawals on demand.[9]
What is to be done to protect users and provide certainty to responsible centralised exchanges?
Law Reform
It is often the case that a centralised crypto asset exchange will have a global reach. For example, although Cryptopia was a centralised exchange formed in New Zealand, most of the approximately 900,000 users of its services were located outside New Zealand. In fact, New Zealand had only the 26th largest number of users of the exchange.[10] Since exchanges’ operations often transcend jurisdictional boundaries, exchanges’ activities (and users’ protections) would be facilitated if requirements for handling of crypto assets by the exchanges are harmonised internationally, to the fullest extent possible. Set out below is a summary of developments in Australia and other key jurisdictions. Broadly, these regulatory changes will impact on centralised exchanges which will be regulated as “crypto asset service providers” (in the EU, UK and Australia) or virtual asset trading platform operators (Hong Kong). The United States’ reforms affect registered investment advisers and qualified custodians; those reforms will impact on all centralised exchanges directly (if they are qualified custodians) or indirectly because of the chilling effect on registered investment advisers’ crypto asset investments, which will need to be placed with a qualified custodian.
The Regulation on Markets in Crypto Assets[11] (MiCA) is expected to be passed by the European Parliament in coming months, possibly in April 2023. Relevant provisions include:
Crypto asset service providers providing the service of custody and administration of crypto-assets on behalf of third parties … should implement a custody policy that must be made available to clients on their request…Crypto-asset service providers offering custody and administration of crypto-assets are not allowed to actively use the customers’ crypto-assets on their own account. The service providers have to ensure that all held crypto-assets are always unencumbered…[12]
Custody and administration of crypto-assets on behalf of third parties:
The crypto-assets held in custody shall be insulated from crypto-asset provider’s estate in the interest of the clients of the crypto-asset service provider under relevant law, such that the creditors of the crypto-asset service have no recourse to the crypto-assets held in custody, in particular in the event of insolvency.[13]
Crypto-asset service provider shall ensure that the crypto-assets held in custody are operationally segregated from the crypto-asset provider’s estate.[14]
United States
In February 2023, the United States Securities and Investments Commission proposed extensive revisions to its present rules governing custody of client assets by registered investment advisers (Proposed SEC Custody Rule).[15] Relevantly, the SEC Custody Rule is proposed to cover all crypto assets, regardless of whether or not they are “funds and securities”.[16] The Proposed Rule includes detailed consideration of how a custodian might obtain and maintain “possession or control” of a client’s crypto assets.[17] The Proposed SEC Custody Rule is open for comment until 8 May 2023. It includes the following commentary.
We believe that under their existing regulatory regimes, qualified custodians are generally considered to have “possession or control” of assets that are in their exclusive or physical possession or control. We understand, however, that proving exclusive control of a crypto asset may be more challenging than for assets such as stocks and bonds. For example, while we understand that it is possible for a custodian to implement processes that seek to create exclusive possession or control of crypto assets (e.g., private key creation, maintenance, etc.), it may be difficult actually to demonstrate exclusive possession or control of crypto assets due to their specific characteristics (e.g., being transferable by anyone in possession of a private key). Moreover, we are mindful of crypto asset custody models in which an advisory client and a qualified custodian might simultaneously hold copies of the advisory client’s private key material to access the associated wallet with the client’s crypto assets, and thus both have authority to change beneficial ownership of those assets.[18]
It appears that the above requirements would not apply directly to a centralised exchange unless it is a registered investment adviser or qualified custodian, in which case it would be required to comply with the Proposed SEC Custody Rule.[19]
Hong Kong
In February 2023, the Hong Kong Securities and Futures Commission issued its Consultation Paper on the proposed regulatory requirements for virtual asset trading platform operators licensed by the Securities and Futures Commission.[20] Comments were due by 31 March 2023. The regulatory requirements to be imposed on virtual asset trading platform operators are proposed to include the following safe custody requirements.
A platform operator should hold client money and client virtual assets on trust through a wholly-owned subsidiary, i.e. “associated entity”. It should ensure that not more than 2% of the client virtual assets are stored in hot wallets. Further, as access to a virtual asset is effected by the usage of a private key, custody of virtual assets primarily concerns the safe management of the private keys….Additionally, a platform operator should not deposit, transfer, lend, pledge, repledge or otherwise deal with or create any encumbrance over client virtual assets.[21]
Storage in a “hot wallet” describes the practice “where the private keys to virtual assets are kept online and are therefore highly vulnerable to external threats, such as hacking and social engineering (for example, phishing). Storage in a ‘cold wallet’ refers to the private keys which are kept offline, i.e. without access to the internet, and therefore provide more security.”[22]
UK
In February 2023, the UK Treasury released its consultation paper on the future financial services regulatory regime for crypto assets.[23] Like the other jurisdictions we have considered, the consultation paper includes proposed rules on custody of crypto assets.[24] In addition to covering firms that administer and safeguard crypto assets, the rules will apply to firms that only safeguard (but do not administer) such assets. This would cover specialist crypto asset custodians.
The UK rules will supplement existing frameworks for traditional finance custodians with specific modifications to accommodate unique crypto asset features (e.g. specific controls and safeguards for the safekeeping of private keys). Additionally, the existing custody provisions governing traditional finance custodians will be expanded to include bespoke custody requirements for crypto assets. These are expected to include safeguarding investors’ rights to their crypto assets (e.g. by restricting commingling of their assets with the firm’s own assets), accurate records of investors’ custody holdings and appropriate controls and governance.
Australia
In March 2022, the Australian Treasury issued a consultation paper on the licensing and custody requirements for crypto asset secondary service providers.[25] Additionally, the Australian Treasury has foreshadowed that in mid-2023 it will issue for consultation a proposed licensing and custody framework for crypto asset service providers, allowing sufficient time for consultation prior to the introduction of legislation.[26] In the period since issuing the initial consultation paper in March 2022, the Australian Treasury has had the benefit of 110 responses to its consultation paper, as well as the opportunity to review the evolving response of other regulators worldwide. Further, the custody and licensing approach will be informed by the token mapping exercise on which the Treasury consulted in February and March 2023.[27]
Treasury’s March 2022 consultation paper contained a section entitled “proposed custody obligations to safeguard private keys”, to implement “mandatory minimum, principles-based custody obligations for private-keys that are held or stored by [crypto asset service providers] on behalf of consumers.” The proposed obligations included holding assets on trust for the consumer, ensuring that consumers’ assets are appropriately segregated and ensuring that the custodian of private keys has the requisite expertise and infrastructure.[28]
Analysis, next steps
Several of the above law reform proposals have not yet been fully elaborated or enacted. Many interesting issues need to be addressed in implementing these reforms in Australia. Some of these issues are outlined below.
Technical versus legal measures
Several of the above law reform proposals contain a combination of:
- legal measures – for example, custody/administration providers must “hold crypto assets on trust”; or, at a more abstract level, they must ensure that other creditors of the provider “have no recourse to the crypto-assets held in custody, in particular in the event of insolvency [of the provider]”; and
- technical measures – for example, platform operators must ensure that “not more than 2% of the client virtual assets are stored in hot wallets”, must ensure that they have the requisite expertise and infrastructure and must operationally segregate their own assets from clients’ assets.
The technical measures could no doubt be contentious for commercial and practical reasons, but they ought not to raise conceptual issues. It would be desirable for specific technical measures not to be imposed by principal legislation. Rather, they should be imposed by subordinate legislation and administrative instruments. This is to ensure that they can be adapted relatively easily as technology evolves over time.
Operational segregation of service providers’ assets from users’ assets is a technical and not a legal measure. It is not entirely clear whether the law reform proposals will require segregation of users’ assets from service providers’ assets generally, or alternatively whether service providers’ operational segregation requires segregation of each user’s crypto assets.[29] If there is operational segregation at a user level (the “earmarked model” described earlier in this article) this could have consequences for apportioning losses upon the hacking or insolvency of a centralised exchange.[30]
The legal measures to be implemented in Australia will need to take account of the wide variety of different crypto asset services that the policy makers may decide ought to be subject to crypto asset providers’ custody/safekeeping obligations. As noted by the Australian Securities & Investments Commission (ASIC):[31]
Crypto-assets have diverse features and functionalities and may grant the holders different substantive rights [all of which] can change over time…an additional layer of complexity is that the actual interest a consumer acquires when they transact on a crypto trading platform may differ from the actual crypto-asset (unless, for instance, they have and exercise a right to request an asset be transferred to themselves).
This would mean that the legal measures linked to custody cannot simply be based on an existing model under the Corporations Act, e.g. those of a responsible entity under a managed investments scheme or an Australian financial services licensee which provides custodial or depository services as a distinct service.[32] I suggest that the obligations imposed on a crypto asset service provider like a centralised exchange should correspond with the service that is being offered. Those custody obligations should be able to be varied according to the terms of the legal agreement between them and their users (so long as the limits of the exchange’s responsibilities are clearly disclosed and the user provides their informed consent).
Additionally, the allocation of risk and responsibility between the crypto asset service provider (e.g. a centralised exchange) and any outsourced specialist provider of crypto asset custody services would need to be clarified. Would the legal custody obligations sit with the (non-custodial) crypto asset service provider who has the relationship with the end user or with the specialist crypto-asset custody service provider?[33]
Self-custodial wallets
The European Union’s MiCA expressly states that hardware or software providers of non-custodial wallets do not fall within the scope of MiCA.[34] “Non-custodial” means that the user (not the service provider) has custody of the crypto asset wallet and therefore controls the private keys needed to deal with the crypto assets on the relevant blockchain. A synonym for this is “self-custody” i.e. the users themselves have custody of their crypto assets.
The principle underlying the statement in MiCA is clear. If a user is given the wherewithal to handle the custody of their crypto assets themselves, they will have custody of their own assets and custody rules should not be imposed on the crypto asset service provider. But this bright line may get blurred when the service provider does more than just provide a user with the self-custodial wallet hardware/software and assists the user in other ways.
Sharded private keys or multi-signature wallets
Sharding of private keys is “a process by which a private crypto key is split into several pieces, or shards, rendering each shard useless unless enough are assembled to reconstruct the original key.”[35] A multi-signature wallet is one that requires more than one private key in order to deal with crypto assets accessible via a particular wallet.
Sharding and multi-signature wallet solutions are alternative solutions that require the input of both the user and the service provider to handle the crypto asset private keys in a wallet. Given that a service provider cannot deal with the crypto asset wallet without the active participation of a user, these solutions are akin to self-custodial wallets. This is because the user does not entrust the means of accessing the crypto assets to the service provider. However, regulator concerns about technological arbitrage may need to be addressed. To avoid being regulated as a custodian, the service provider may need to demonstrate that it does not have de facto control of the crypto assets to the exclusion of the user.
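The sharding arrangement described above can be made concrete with Shamir's secret sharing, one common way to shard a key. The following is an added illustration, not part of the original article: the party names, the 2-of-3 threshold, the `unilateral_controllers` helper and the randomly generated key are all hypothetical. It shows that a provider holding a single shard cannot rebuild the key, and that the picture changes once one party can reach enough shards on its own, which is the de facto control question.

```python
import secrets

# 2**521 - 1 is a Mersenne prime, comfortably larger than a 256-bit private key.
PRIME = 2**521 - 1


def split_key(secret, threshold, holders):
    """Split `secret` into one shard per holder; any `threshold` shards rebuild it."""
    if not 1 <= threshold <= len(holders):
        raise ValueError("threshold must be between 1 and the number of holders")
    if not 0 <= secret < PRIME:
        raise ValueError("secret does not fit in the field")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shards = {}
    for x, holder in enumerate(holders, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % PRIME
        shards[holder] = (x, y)
    return shards


def reconstruct(shards):
    """Lagrange-interpolate the polynomial at x = 0 from a list of (x, y) shards.

    With fewer shards than the threshold this still returns a number, but one
    that is unrelated to the original key.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shards):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shards):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def unilateral_controllers(access, threshold):
    """Return the parties that can reach `threshold` or more distinct shards alone.

    `access` maps a party name to the set of shard labels it can read. Any party
    returned here can move the assets without anyone else's participation.
    """
    return sorted(p for p, held in access.items() if len(set(held)) >= threshold)


def demo():
    key = secrets.randbits(256)  # constructed stand-in for a wallet private key
    shards = split_key(key, 2, ["user", "provider", "backup"])

    with_user = reconstruct([shards["user"], shards["provider"]])
    provider_alone = reconstruct([shards["provider"]])

    # Arrangement A (hypothetical): each shard sits with a different party.
    spread = {"user": {"user"}, "provider": {"provider"}, "escrow": {"backup"}}
    # Arrangement B (hypothetical): the provider also stores the backup shard.
    concentrated = {"user": {"user"}, "provider": {"provider", "backup"}}

    return {
        "rebuilt_with_user": with_user == key,
        "provider_alone_fails": provider_alone != key,
        "spread_control": unilateral_controllers(spread, 2),
        "concentrated_control": unilateral_controllers(concentrated, 2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In arrangement B the scheme is still nominally "sharded", yet the provider meets the threshold by itself, so where the shards are stored matters as much as the threshold chosen.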
Contracting out?
Many of the proposed law reform measures set out above provide for the regulation of crypto asset service providers who hold crypto assets “on behalf of” their clients. Does this mean that centralised crypto exchanges can contract out of the custody obligations by expressly saying that they are not providing any custody/administration service to users? In principle, there is nothing to prevent a centralised exchange saying in its terms that it has full control and ownership of the relevant crypto asset and is only obliged contractually to provide an equivalent amount of the relevant crypto asset to the user on request.[36] That is, they do not have custody of, or administer, any crypto asset “on behalf of” the user. This would be similar to a bank’s relationship with its depositors in which the bank is merely an unsecured debtor of the depositor. However, given the issues that policy makers are seeking to address, I believe that the crypto asset custody measures that are enacted in Australia will be unlikely to permit a centralised exchange to contract out of custody obligations in this way, unless the provider satisfies specified user disclosure and informed consent requirements.
Law reform is imminent in Australia
Law reform in Australia is imminent on the issues considered in this article. It is likely that legislative changes will be made later in 2023, shortly after the Australian Treasury’s consultation on licensing and custody, due to take place in mid-2023. It is hoped that these changes will protect users and provide legal certainty to responsible centralised exchanges.
__________
[1] See D Kreltszheim, “What we know and don’t know about cryptocurrency exchanges – a summary for finance and insolvency lawyers” (2020) 36 Australian Banking & Finance Law Bulletin 7.
[2] See D Kreltszheim, “Risk Allocation for Hacking and Insolvency of Cryptocurrency Exchanges” (2020) 20 Insolvency Law Bulletin 166, 170-172. Also see UK Law Commission, “Digital Assets Consultation Paper” CP No 256 (July 2022) pp. 336-353, available at https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2022/07/Digital-Assets-Consultation-Paper-Law-Commission-1.pdf
[3] This view is supported by the analysis in Ruscoe and Moore v Cryptopia Limited (in liquidation) [2020] NZHC 728 at [144] and [147], demonstrating that a “pooled holding” can give rise to a trust.
[4] UK Law Commission, above n 2, at pp. 77-92.
[5] For example, Ruscoe and Moore v Cryptopia Limited (in liquidation) [2020] NZHC 728.
[6] In re Celsius Networks LLC Chapter 11 Proceeding “Final Report of Shoba Pillay, Examiner” (30 January 2023) pp. 20-21, available at https://cases.stretto.com/public/x191/11749/PLEADINGS/1174901312380000000039.pdf
[7] In re Celsius Networks LLC Chapter 11 Proceeding “Declaration of Alex Mashinsky, CEO of Celsius Network LLC in Support of Chapter 11 Petitions and First Day Motions” (14 July 2022) at p. 19, available at https://cases.stretto.com/public/x191/11749/PLEADINGS/1174907142280000000096.pdf
[8] In re Celsius Networks LLC Chapter 11 Proceeding “Memorandum Opinion and Order Regarding Ownership of Earn Accounts” (4 January 2023), available at https://cases.stretto.com/public/x191/11749/PLEADINGS/1174901042380000000067
[9] See the Complaint lodged by the Securities and Exchange Commission against Samuel Bankman-Fried (Case 1; 22-cv 10501, 13 December 2022) p. 14, available at https://www.sec.gov/litigation/complaints/2022/comp-pr2022-219.pdf
[10] Ruscoe and Moore v Cryptopia Limited (in liquidation) [2020] NZHC 728, at [7] to [9].
[11] European Parliament Committee on Economics and Monetary Affairs, Proposal For a Regulation of the European Parliament and of the Council on Markets in Crypto-Assets, and amending Directive (EU) 1019/1937 Provisional Agreement Arising from Interinstitutional Negotiations (October 2022), available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52020PC0593&from=EN
[12] MiCA, above n 10, Recital (59).
[13] MiCA, above n 10, Article 67, paragraph 10.
[14] MiCA, above n 10, Article 67, paragraph 10a.
[15] US Securities and Investments Commission, “Safeguarding Advisory Client Assets” (15 February 2023), available at https://www.sec.gov/rules/proposed/2023/ia-6240.pdf.
[16] Proposed SEC Custody Rule, above n 14, pp. 18, 28.
[17] Proposed SEC Custody Rule, above n 14, pp. 66-82.
[18] Proposed SEC Custody Rule, above n 14, p. 66.
[19] See the discussion in the Proposed SEC Custody Rule, above n 14, pp. 67-68.
[20] Hong Kong Securities and Futures Commission, “Consultation Paper on the Proposed Regulatory Requirements for Virtual Asset Trading Platform Operators Licensed by the Securities and Futures Commission” (February 2023), available at https://apps.sfc.hk/edistributionWeb/gateway/EN/consultation/doc?refNo=23CP1
[21] Hong Kong Securities and Futures Commission, above n 19, pp. 10, 59-62.
[22] Hong Kong Securities and Futures Commission, above n 19, p.10.
[23] UK Treasury, “Future Financial Services Regulatory Regime for Cryptoassets: Consultation and Call for Evidence” (February 2023), available at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1133404/TR_Privacy_edits_Future_financial_services_regulatory_regime_for_cryptoassets_vP.pdf
[24] UK Treasury, above n 22, pp. 49-53.
[25] Australian Treasury, “Crypto Asset Secondary Service Providers: Licensing and Custody Requirements” (March 2022), available at https://treasury.gov.au/consultation/c2022-259046
[26] Australian Treasury, “Token Mapping Consultation Paper” (February 2023) p.9, available at https://treasury.gov.au/sites/default/files/2023-02/c2023-341659-cp.pdf
[27] Ibid.
[28] Australian Treasury, above n 24, pp. 20-21.
[29] ASIC, “Submission to Treasury Consultation Paper: Crypto Asset Secondary Service Providers – Licensing and Custody Requirements” (June 2022) p. 55, available at https://treasury.gov.au/sites/default/files/2022-12/c2022-259046-asic.pdf
[30] See D Kreltszheim, above n 2, p. 172.
[31] ASIC, above n 28, pp.14-15.
[32] ASIC, above n 28, pp. 53-55.
[33] ASIC, above n 28, p. 53.
[34] MiCA, above n 10, Recital (59).
[35] “What is Key Sharding?” at https://www.ethos.io/what-is-key-sharding/#:~:text=Key%20sharding%2C%20or%20Shamir’s%20Secret,to%20reconstruct%20the%20original%20key
[36] UK Law Commission, above n 2, at p. 329.