This article forms part of a series prepared by partners James Eggleton and Christopher Pease, of our Cayman Islands and BVI offices respectively, in connection with digital assets disputes. For more information, please click here.

The anonymity which digital currencies and online trading more generally permit is one of the factors which makes the digital space so attractive to those seeking to perpetrate fraud. The claims that have come before the courts of England and Wales involving digital assets have almost exclusively been fraud cases. In these cases, the courts have generally taken a pragmatic approach, permitting such actions to be begun against the unidentified fraudsters as “persons unknown” and granting freezing and disclosure orders to assist in securing and recovering (so far as possible) the proceeds of the fraud.^[1]

There are two distinct sides to the (stable)coin when it comes to the recovery of misappropriated digital assets. On the one hand, victims can rely on the permanence and transparency of the blockchain to track the movement of the misappropriated assets (at least until it becomes co-mingled and potentially obfuscated), but on the other hand they usually do not know who is responsible for the wrongdoing. This is because for identification purposes they will have only the public address keys for the wallets used to receive the stolen assets.

The good news is that if victims can successfully identify the person(s) behind the wallets, that can often be enough to persuade the wrongdoer to return the stolen assets. Every wallet has an owner (or controller) and if it is possible to follow the movement of crypto to a custodial account, such as an exchange, that may well present an opportunity to obtain information by way of disclosure order against the custodian (which could reveal who the owner/controller is). In this way crypto is not anonymous. It is pseudonymous – a potentially critical distinction.

Orders for disclosure in these circumstances ordinarily include Norwich Pharmacal and/or Bankers Trust orders against third party intermediaries, such as exchanges. Such orders require that third party to provide information in its possession regarding the identity of an alleged wrongdoer and/or that relates to the misappropriated assets in question.

Depending on the particular circumstances of the case, the information available may include KYC documentation or information concerning the digital wallets into which crypto assets have been transferred. Examples of information that may be provided include:^[2]

• the names in which accounts are held;
• any other information which may identify the holder of the relevant account, including email addresses, residential addresses, phone numbers, bank account details (redacted where appropriate);
• an explanation from the relevant crypto exchange as to what has become of the relevant crypto currency;
• the balances outstanding in the relevant customer accounts; and
• to the extent any further transfers have been made to other customer accounts, details pertaining to those other customer accounts.

Armed with this information, the claimant may either be able to identify those who have taken their assets without authority or locate the assets themselves (or their traceable equivalent).

The Norwich Pharmacal  and Bankers Trust jurisdictions overlap to a considerable extent and, in practice, are often sought together.

Norwich Pharmacal relief

An order for Norwich Pharmacal  relief is an order for the disclosure of documents or information against a third party, who has been innocently mixed up in wrongdoing, in order to assist with the bringing of a claim against wrongdoers or seek legitimate redress for a wrong.

The jurisdiction of the Cayman Islands courts to grant Norwich Pharmacal relief is well-established. The same is true in the BVI, where such applications “are an every-day feature of the legal and corporate service landscape”.^[3]

The following requirements must be met:

• A wrong must have been carried out, or arguably carried out, by an ultimate wrongdoer. The term “wrong”  or “wrongdoing”  may include, for example, a tortious or contractual or other equitable wrong.^[4]
• There must be the need for an order to enable the applicant to seek legitimate redress for the wrongdoing. For these purposes, relief is “necessary”  where there are no other straightforward or available, or any, means of finding out the information that the applicant seeks.^[5]
• The person against whom the order is sought must:
  • be mixed up in so as to have facilitated the wrongdoing; and
  • be able or likely to be able to provide the information to enable the ultimate wrongdoer to be sued.

In addition, the court must also be satisfied that requiring disclosure is an appropriate and proportionate response in all the circumstances of the case, bearing in mind the exceptional but flexible nature of the jurisdiction.^[6]

Bankers Trust relief

Where there is strong evidence that the claimant’s property has been misappropriated, the court will not hesitate to make strong orders to ascertain the whereabouts of property and to prevent its disposal. Those orders may intrude into what would otherwise be confidential customer information.

There are five criteria that need to be satisfied for Bankers Trust relief to be granted.^[7] These are:

• That there are good grounds for concluding that the money or assets about which information is sought, belongs to the claimant.
• There is a real prospect that the information sought will lead to the location or preservation of the money or assets.
• The order should be directed at uncovering the particular assets which are to be traced and should be no wider than is necessary.
• The interests of the claimant in obtaining the order must be balanced against the possible detriment to the respondent in complying with the order.
• The claimant must undertake to meet the expenses of the respondent in complying with the order and compensate the respondent in damages if loss is suffered as a result of compliance.

The crypto context

Recent decisions of the courts of England & Wales, Cayman Islands and the British Virgin Islands have shown how, in practice, victims of wrongdoing may avail themselves of these remedies.

• In Fetch.ai Ltd v Persons Unknown,^[8] the claimants brought various without notice disclosure applications against Binance Holdings Limited (a company incorporated in the Cayman Islands) and Binance Markets Limited (a company incorporated in England). Fraudsters were alleged to have obtained access to trading accounts held by the claimants with Binance and then sold crypto currency held on those trading accounts to third party accounts (inferentially under their control) at massive undervalues.

The Court was prepared to grant the relief sought, noting in particular that there were two factors leading firmly to the conclusion that Bankers Trust  relief should be granted: (i) very strong evidence of a significant fraud; and (ii) the existence of contractual terms as between the respondents and Binance contemplating that personal data may be disclosed by Binance to counterparties, regulatory agents and law enforcement agencies, such that there was no absolute contractual right of confidentiality.

The Court also noted the real prospect that the information provided by Binance would lead to the location or preservation of assets, because the relevant contractual terms made clear that Binance would maintain personal data in relation to its customers. Separately, in relation to Norwich Pharmacal relief, the Judge noted that Binance was mixed up in the alleged wrongdoing insofar as (and to the extent that) they were administering the accounts into which the fraudsters were able to gain access.

• In LMN v Bitflyer Holdings Inc,^[9] the claimant crypto exchange – itself the victim of a hack – sought Bankers Trust disclosure orders against six other crypto exchanges. The claimant’s crypto tracing expert had identified 26 exchange addresses into which crypto currency had been transferred.^[10] Its evidence was that, as the addresses were all exchange addresses, it was not possible to trace the cryptocurrency any further without information being provided by the exchanges about the individuals behind the transactions.

The Court in that case granted the relief sought on the basis that each of the five Bankers Trust requirements (set out above) had been met. Of particular note were the Judge’s findings that: (i) on the basis that there was a good arguable case that the law of England and Wales was applicable, whoever held the misappropriated cryptocurrency (or its traceable substitutes) arguably did so on constructive trust for the claimant;^[11] and (ii) the potential detriment to the defendant crypto exchanges could be eliminated or at least very effectively mitigated by the claimant’s undertakings as to expenses and damages, the restrictions on any collateral use of the information provided, and a provision contained in the order that the respondent exchanges were not required to do anything that would contravene local law.

Notably, the defendants did not raise any substantive objections to the relief sought (albeit one of the exchanges made some points in respect of the width of the information to be delivered up). This is not, perhaps, unsurprising: it is more than arguably in the commercial best interests of crypto exchanges (particularly centralised exchanges) to be seen to reasonably co-operate with the authorities in connection with the taking of steps to prevent and/or identify fraudulent activity on their platforms (subject to the legal and regulatory landscape in which those exchanges operate).

• In the Cayman Islands, the Grand Court has recently granted Norwich Pharmacal  relief against a centralised digital asset exchange. Whilst the Grand Court did not issue a formal judgment, it did make a number of noteworthy observations, in particular in relation to procedural points. For more, see our blog here: Securing Norwich Pharmacal relief against a digital asset exchange: a legal milestone in asset recovery.
• In the BVI, the Eastern Caribbean Supreme Court granted Chainswap, a company providing services to facilitate the transfer of cryptocurrency tokens across different blockchains,^[12] its application for the issuance of a letter of request to the Croatian authorities seeking the provision of evidence from a crypto exchange located in Croatia (including information that would identify unknown defendants).^[13] For more on that decision, see: Contentious Crypto - ChainSwap v Persons Unknown; Judgment handed down in ChainSwap v Persons Unknown: the first BVI freezing order against persons unknown concerning crypto fraud.

In any given case, the extent to which transactions may be traced on a blockchain (or across several blockchains) will be inherently fact sensitive. Specialist digital asset tracing expertise is highly likely to be needed to assist with that exercise. Some cryptocurrencies may be more transparent and/or traceable on their respective blockchains than others.^[14] Some issuers may be prepared to freeze funds if they are made aware of illicit activity concerning those funds.^[15] If bad actors^[16] are involved, it is very possible that steps will have been taken to attempt to impede any tracing exercise, for example through the use of a cryptocurrency tumbler or privacy coin.^[17]

Assuming, however, that an applicant for an information disclosure order is able to demonstrate that a crypto exchange (or another third party) is likely to be able to provide information that will assist in identifying a wrongdoer or otherwise in preserving or locating misappropriated assets, then the courts of common law jurisdictions have consistently shown that they will take a practical approach and, provided the relevant criteria are satisfied, grant the relief sought.

Jurisdictional issues

Notwithstanding the theoretical availability of interim disclosure orders against crypto exchanges as a matter of local law, a more fundamental issue arises where relief is sought against defendants that are, or may be, situated outside the jurisdiction or who may otherwise not be identifiable at all. Where that is the case, under what circumstances will the local courts be prepared to assume jurisdiction? These matters are discussed in our next article: Jurisdictional issues in crypto currency disputes.

^[1]Boonyaem v Persons Unknown Category (A) [2023] EWHC 3180 (Comm) at [32]. The expression “anonymity”, in this context, may have been intended to encompass the concept of pseudonymity. Although certain cryptocurrencies offer anonymity and/or privacy features to their users (for example, so-called “privacy coins” such as Monero and Zcash), cryptocurrencies generally operate pseudonymously by enabling users to operate alphanumeric wallet addresses that are not directly tied to their real-world identities (but which may nevertheless still potentially be traceable to the individuals controlling them).

^[2]See the form of order made in LMN v Bitflyer Holdings Inc [2022] EWHC 2954 (Comm).

^[3]Claim No. BVIHCM2023/0050 - CIF v DLG - Eastern Caribbean Supreme Court, per the Honourable Justice Wallbank (Ag). The requirements to be met for the grant of Norwich Pharmacal relief in the BVI are the same as in the Cayman Islands. See further, Claim No. BVIHV(COM)2010/0037 - Al-Rushaid Petroleum Investment Co v TSJ Engineering Consulting Co Ltd.

^[4]Orb v Fiddler [2016] EWHC 361 (Comm). In the crypto context, the misappropriation of digital assets through fraud would clearly satisfy this requirement. See also LMN v Bitflyer Holdings Inc [2022] EWHC 2954 (Comm) at [19]-[21].

^[5]Discover Investment Company v Vietnam Holding Asset Management Limited  [2018] (2) CILR 424 and Claim No. BVIHCM2016/108 - UVW v XYZ, both citing the Privy Council’s decision in The President of the State of Equatorial Guinea v The Royal Bank of Scotland International [2006] UKPC 7.

^[6]Collier v Bennett  [2020] 4 WLR 116 at [35].

^[7]Kyriakou v Christie Manson and Woods Ltd [2017] EWHC 487 (QB) at [4]-[15]; C Corporation v P [1994-95 CILR 189].

^[8][2021] EWHC 2254 (Comm).

^[9][2022] EWHC 2954 (Comm).

^[10]As explained in the judgment at [8], “exchange addresses” in this context refers to addresses owned and operated by the exchange itself. Whilst such addresses tend to be associated with a particular customer, the actual crediting of cryptocurrency to the relevant customer’s account with the exchange takes place ‘off chain’ (i.e via an internal accounting exercise). Cryptocurrency received into an exchange address will often be merged by the relevant exchange into an ‘omnibus wallet’ used to service multiple customers’ requests.

^[11]In particular, the Judge held that it was arguable that cryptocurrency is a form of property. That being the case, it was arguable that “when property is obtained by fraud equity imposes a constructive trust on the fraudulent recipient: the property is recoverable and traceable in equity”  (following Westdeutsche Landesbank Girozentrale v Islington LBC [1996] AC 669) (see [19(2)]).

^[12]This is sometimes referred to as a “cross-chain bridge”.

^[13]ChainSwap v Persons Unknown VG 2022 HC 036

^[14]The development of privacy coins may have begun, at least in part, as a result of concerns as to the high  degree of transparency and traceability of other cryptocurrencies on their respective blockchains. Privacy coins have come under increasing regulatory scrutiny in recent times. They may be particularly attractive to bad actors insofar as they undermine the ability of blockchain analytics to trace transactions.

^[15]The stablecoin Tether, for example, has recently been recognised for assisting the United States Secret Service in freezing assets transferred on a sanctioned exchange: Tether Recognized for Assisting the United States Secret Service in $23m Freeze Related to Transfers on Sanctioned Exchange, Garantex.

^[16]Concerns regarding malicious activity within the crypto space are growing. A recent report from Chainalysis  has found that illicit addresses (as identified so far) received some US$40.9 billion worth of crypto currency in 2024 alone: see Chainalysis’ The 2025 Crypto Crime Report (February 2025).

^[17]A good example of this is the Chainswap  case, in which misappropriated assets were routed via Tornado Cash. As explained by Justice Jack at [10], “Tornado Cash uses smart contracts to receive tokens which it will hold for a period of time and then, at the discretion of the user, transfer out to a different wallet than that from which the transfer was originally made. Where numerous users transfer tokens into Tornado Cash at the same time, it can have the effect of mixing those tokens so that when paid out into different wallets, it will obfuscate their origin”.