Partner Nicola McKinney explores crypto asset recovery in Thomson Reuters Regulatory Intelligence

August 30, 2023

In light of a recent High Court Civil Recovery Order, which enabled the seizure of £750,000 in cryptocurrency, Partner Nicola McKinney explores what this means for victims of crypto fraud.


Nicola’s article was published in Thomson Reuters Regulatory Intelligence, 30 August 2023, and can be found here.

Cryptocurrency worth more than £750,000 was recently seized from a hacker under a civil recovery order (CRO) issued by the High Court. The Crown Prosecution Service (CPS) said it had secured the CRO, as well as a pre-conviction property freezing order, against the hacker using powers under the Proceeds of Crime Act 2002 (PoCA).

The police executed search warrants and seized a black book containing 14 “recovery seeds” which enabled officers to access two digital wallets, one of which contained a large amount of cryptocurrency.

Limited assistance

UK victims of crypto fraud, and lawyers advising them, may read this news as marking a significant development in the effort to reduce theft of digital assets, or in the ability of investors to recover their stolen assets. The reality, however, is that police and prosecution actions to obtain CROs such as this are unlikely to regularly be of much assistance to targets of crypto fraud who seek to recover their stolen digital property.

Criminal proceedings and steps under PoCA are generally focussed on depriving wrongdoers of the benefit of unlawful conduct.

Assets and property which are frozen and recovered in this way ultimately vest in the trustee for civil recovery; they are not paid over to victims. The position will not be any different for digital assets.

Prior to a CRO being made, a victim has a right to apply to the court to seek a declaration that they are the true owner of the property in question, and to try to have their property excluded from the CRO proceedings.

Identifying their stolen assets and removing them from CRO proceedings does not, however, automatically result in the return of those assets to the victim, and having to make an application to the court — or to make representations where a receiver has been appointed by the court — can itself represent an additional hurdle and expense to a victim, who will still then have to take further, independent steps to recover their property through civil proceedings.


This does not, however, mean that CROs offer no potential benefits to victims of crypto fraud. If any information can be obtained about the investigations carried out by the police, particularly about where the stolen crypto-assets have been located, it could be of assistance. In practice, however, a victim is unlikely to have access to the full details of the police investigation, and that investigation will, in any event, have had a different focus and priorities other than recovery of digital assets.

As a result, to establish the property as theirs, a victim may still have to undertake their own, potentially costly, investigations. Hurdles such as obtaining a reliable blockchain analysis report, and third-party disclosure orders against crypto exchanges, are therefore unlikely to be avoided.

Further, and of more obvious help, are the property freezing orders that the CPS is likely to obtain prior to a CRO. These prohibit, until a CRO is made, the use or movement of the crypto-assets which have been located. They will also during the same time period “freeze” those assets until the moment when a victim is able to identify and isolate their own assets within the frozen property.

This could give victims more time to take necessary steps, and may help them to avoid at least one trip to court to obtain their own freezing injunction.

Difficulties with tracing individual crypto-assets

Even where the police investigations have identified a wallet containing crypto-assets obtained by unlawful conduct, victims will still likely face the recurring challenge of identifying their own crypto-assets among mixed property.

In many crypto frauds, the stolen cryptocurrency is not clearly separated in a dedicated wallet but is instead often mixed with those of other victims or with non-criminal property and may pass through a series of wallets, making individual assets even harder to trace. Identifying specific cryptocurrency — units of which do not carry unique markers — belonging to the victim (rather than substitute property of equal value) can therefore present numerous challenges to authorities, regulators and victims of crypto crime.

Unusual features

The jurisdiction of the CRO regime aside, there are additional reasons why recent headlines concerning cryptocurrencies and CROs are less significant for victims than they may at first appear. The scenario presented in this particular case is not typical of the “classic” investor crypto fraud in the UK, in which the UK-based investor falls victim to a scam, thereafter transferring funds to a fraudster.

That transfer happens under a misapprehension about the fraudster’s identity or how the funds are to be applied, but it is most often the case that transfers are made with the owner’s authority.

This recent case also has several unusual features, which indicate that it was not the type of “authorised push payment” (APP) fraud that are most commonly seen in this sector.

First, it features a hacker, which is not often a factor in crypto theft, as most thefts of digital assets do not happen after a hack. This may be because the time and skill involved in locating and accessing a private key — which will permit access and control of a digital asset wallet — will often be disproportionate to the value of the crypto-assets in the digital wallet. Authorised push payment frauds are, for criminals, more cost-effective.

Secondly, the hacker appears to have been based in the UK. Again, in many cases, crypto fraud victims are contending with unknown persons committing the criminal acts who are based in other jurisdictions, due to the borderless nature of digital assets. The cross-border element makes obtaining information, and recovering the assets through civil proceedings, more expensive and complex.

Action by English and Welsh police will therefore likely have a very limited deterrent effect on APP fraudsters targeting UK victims.

Iterative process

The Law Commission’s final report on digital assets, published in June, is a useful reminder that the use of existing common law principles and legislative framework with various new forms of digital assets is likely to be an iterative process, with different investigations and cases exploring the limits of how victims can be assisted, and criminal behaviour deterred or punished.

The existing limits of the PoCA regime will apply in the context of digital asset crime, and will probably only assist victims who are well-advised, and in limited circumstances.