Recently, with the popularity of on-chain inscriptions and memes, more and more virtual currency investors have turned their attention to the chain and transferred funds from centralized exchanges to decentralized on-chain wallet addresses for on-chain interactions. Although on-chain opportunities are fairer and more profitable than the secondary market, they also hide huge risks, the most fatal of which is the theft of invested virtual currencies. In recent days, there have been many cases of theft of coins, and the profits and principals obtained by investors through investment on the chain have been taken away by the coin theft gangs, resulting in huge losses.
1. Common risks of virtual currency theft
1. Private keys and mnemonics are leaked, and acquaintances steal coins
As we all know, if you want to transfer the virtual currency in the wallet address on the chain, you only need to know the private key or mnemonic phrase corresponding to the wallet address, so protecting the private key and mnemonic phrase of your wallet address from being leaked is the key to ensuring the security of assets on the chain. In the past, we encountered several cases of huge theft of coins because investors trusted their friends too much and inadvertently leaked their private keys and mnemonics, which led to the theft of virtual currency in their wallets.
In addition, some criminal gangs have recently emerged under the banner of virtual currency investment, taking advantage of the high technical threshold of using on-chain wallets and the poor security awareness of novice investors to steal coins. First, they lure novice investors under the banner of virtual currency investment, enthusiastically guide them to deposit funds through the exchange OTC, and then let them withdraw the purchased virtual currency to the on-chain wallet. When guiding them to create a wallet address, they record the address's mnemonic, and then restore the wallet on other devices to transfer and steal virtual currency. Therefore, when using on-chain wallets, virtual currency investors must properly keep their address private keys and mnemonics.
2. Fake wallet apps to phish and steal coins
Due to compliance supervision, virtual currency on-chain wallet APPs cannot be listed on major domestic app stores, so some investors often encounter fake APP download links when downloading wallet APPs. This fake APP is no different from the official genuine APP in product functions and usage, but has a backdoor to obtain the user's wallet private key and mnemonic phrase. When making some small on-chain transfers at ordinary times, assets will not be stolen, so users will not notice it. But when a large amount of virtual assets is transferred to the wallet address, the phishing gang will immediately transfer the assets in the address to complete the theft of coins.
3. Interactive authorization of high-risk contracts on the chain leads to theft
Virtual currency investors often exchange investment experiences and new projects on social software such as TG and WeChat communities. They often encounter project links sent by "enthusiastic" group members. Sometimes, if they are not careful, they will interact with high-risk contract addresses on the chain, causing the other party to obtain the authority to transfer tokens in the transfer address, and then the virtual currency in the address will be transferred and stolen.
4. Asking someone else to register an exchange account on your behalf and having it stolen
Cryptocurrency exchanges often launch welfare activities such as launchpad and staking to earn coins, but due to risk control, the amount of money that users can participate in will be limited. In order to get more benefits, some users will ask friends around them to register or even buy some overseas KYC accounts to participate in the platform's activities. Because centralized exchanges can reset and retrieve accounts by submitting relevant identity authentication materials, there is a greater risk of theft of assets in accounts registered by others.
2. How to recover losses after virtual currency is stolen
The biggest feature of blockchain is traceability, so when the virtual currency in the on-chain wallet address is stolen, it is necessary to track and locate it as soon as possible through a browser or related on-chain data tools, grasp the flow of the stolen funds, and monitor the address where the stolen funds are deposited.
Secondly, due to the decentralized nature of blockchain, stolen assets on the chain can only be frozen by judicial means when they enter centralized exchanges, wallets and other institutions. However, the prerequisite for applying for judicial freezing assistance is to provide these institutions with the evidence collection and freezing procedures of regulatory departments such as the public security and courts. In addition, USDT involved in the case on the chain can also apply for Tether to assist in freezing, but the communication operation cost and difficulty are relatively high.
After understanding the initial flow of stolen assets, organize relevant materials as soon as possible and report to the police to request the public security department to intervene in the investigation. Only in this way can the freezing procedures be issued as soon as the virtual assets flow into centralized institutions to recover the losses. Since the investigation and loss recovery of virtual currency-related cases are difficult, it is recommended to entrust professional lawyers and security companies to assist in a timely manner.
III. Legal characterization of virtual currency theft
(I) Investment in virtual currency introduced by an acquaintance was stolen
Case: In a virtual currency theft case heard by the Taocheng District Court of Hengshui City, Hebei Province in 2020, the victim Liu met the defendant Tian through a friend in August 2019. Tian assisted Liu in depositing 35 bitcoins and assisted him in downloading a wallet to store the purchased bitcoins. During the operation, Tian took a photo of the mnemonic words and login password of the wallet address. In October of the same year, Tian used the address mnemonic words he had mastered to restore the wallet address, stole the bitcoins stored by the victim Liu, and cashed in 9 bitcoins, making an illegal profit of RMB 390,000. In the end, the defendant Tian was convicted of illegally obtaining computer information system data and sentenced to three years in prison and a fine of RMB 100,000.
(II) Inducing users to download phishing websites to steal virtual currency
Case: In the case No. (2023) Hu0106 Xingchu 112 heard by the Shanghai Jing'an District Court, the defendant Cai conspired with relevant persons he met on the Internet in mid-2021 to steal other people's virtual currency through illegal technical means. Cai was responsible for promoting the pre-built "phishing website" on the Chinese Internet, inducing network users to download and install, and use the "Telegram" communication software with hidden Trojan programs, thereby secretly obtaining the user's virtual currency account password. On November 3, 2021, the criminal gang used the obtained account passwords to transfer more than 30 million USDT, 2.83 bitcoins and other virtual currencies from the victim. In the end, the defendant Cai was sentenced to three years and four months in prison and a fine of RMB 50,000 for the crime of illegally obtaining computer information system data.
(III) The account was stolen when someone else registered an exchange account on your behalf
Case: In a case of theft heard by the Haikou Intermediate People's Court in June 2022, the victim Wang Moumou bought financial products from the exchange with high returns and wanted to make additional investments, but the purchase amount for each account was limited, so Wang Mou reached a verbal agreement with the defendant Xiang Mou to register an exchange account in Xiang Mou's identity. The right to use these accounts belongs to the victim, and the investment risk is also borne by him. If there is a profit, 4% of the profit will be given to the defendant Xiang Mou as a return. Later, the defendant Xiang Mou stole the mobile phone card registered in Xiang Mou's identity used by Wang Mou, and stole virtual currency by modifying the account password of the exchange, and finally made an illegal profit of more than 13 million yuan. In the end, the defendant Wang Mou was convicted of theft and sentenced to 15 years in prison and a fine of 600,000 yuan.
From the above cases, we can see that in judicial practice, there are two types of punishments for the crime of stealing virtual currency: the crime of illegally obtaining computer information system data and the crime of theft. The main point of contention is whether virtual currency is "public or private property" in the sense of criminal law.
The viewpoint of treating it as a crime of theft: Virtual currency is obtained through mining, pledging, etc., which takes a lot of time and money, has a certain economic value, and can be artificially possessed, controlled and transferred through on-chain wallets and transfer operations, and should be protected by the criminal law as property. But the problem with identifying the crime of theft is how to determine the amount of theft? According to Article 11 of the Several Opinions of Shanghai on the Application of the "Interpretation on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Theft" by the Supreme People's Court and the Supreme People's Procuratorate, if the stolen property cannot be valued and there is no valid price certificate, the amount of theft can be determined by the price of the stolen goods.
From the perspective of the crime of illegally obtaining computer information system data: Virtual currency is not a physical object, and is significantly different from tangible and intangible property such as property in the criminal law sense. It is essentially data information in a computer system. According to the Supreme Court’s “Research Opinions on How to Qualify the Profits from Illegal Sales of Game Coins Using Computers to Steal Others,” the legal attribute of virtual property is computer information system data and should be protected as electronic data. Those who steal virtual currency from online games should be convicted and sentenced for the crime of illegally obtaining computer information system data.
In many cases of currency theft, the private key mnemonics of the address are obtained through various technical means, and then the theft is carried out after the wallet is restored. Therefore, there is also a view that this act of stealing virtual currency violates both the crime of theft and the crime of illegally obtaining computer information system data, which is an imaginary concurrence and should be dealt with from the more serious side.
The prosecutors of the Third Branch of the Beijing Municipal People's Procuratorate believe that the identification of theft of virtual currency should consider whether it is recognized by the overall legal order, and the punishment should be based on the means of theft and the subject of control. The regulatory policy documents on virtual currency mainly include the "Notice on Preventing Bitcoin Risks" issued by five ministries in 2013, the "Announcement on Preventing Token Issuance and Financing Risks" issued by seven ministries in 2017, and the "Notice on Further Preventing and Dealing with Virtual Currency Trading Speculation Risks" issued by ten ministries in 2021. These three documents represent the attitudes of regulatory authorities towards virtual currency in different periods, from recognizing it as a virtual commodity in 2013 to later notices clarifying that the relevant civil legal acts of investors investing in virtual currency violate public order and good morals, the contract is invalid, and the losses are borne by themselves, so the act of stealing virtual currency should be identified at different time points.
Scenario 1: Stealing Bitcoins from an Exchange through Technical Means
For such thefts that occurred before September 4, 2017, the regulatory authorities did not expressly prohibit the domestic virtual currency exchange business, so the use of technical means to steal the virtual currency of the exchange violated both the crime of theft and the crime of illegally obtaining computer information system data, and the imaginary concurrence should be handled as the more serious crime. For such thefts that occurred after September 4, 2017, because the 94th Announcement expressly prohibits the domestic virtual currency trading platform business, the virtual currency of the exchange cannot be identified as public or private property in the sense of the criminal law, so it should be identified as the crime of illegally obtaining computer information system data.
Scenario 2: Stealing personal bitcoins through technical means
If such theft occurred before September 2021, and constitutes both theft and illegal acquisition of computer information system data, the imaginary concurrence should be handled as the more serious crime; for theft that occurred after September 2021, because the 924 notice issued by the regulatory authorities clearly stated that any legal person, non-legal person organization, or natural person who invests in virtual currency and related derivatives violates public order and good morals, the relevant civil legal acts are invalid, and the losses caused by this shall be borne by themselves. Therefore, the theft cannot be regulated as theft, and should be convicted as illegal acquisition of computer information system data.
Scenario 3: Using non-technical means to steal private keys and mnemonics to transfer personal Bitcoin
Such theft of currency that occurred before September 2021 meets the criminal standard and can constitute the crime of theft; such theft of currency that occurred after September 2021 cannot be regulated as property crimes because the means have not been evaluated by others, such as illegally obtaining computer information system data, and therefore cannot be determined to constitute a crime.
The author believes that the above-mentioned Beijing prosecutors’ viewpoints reflect that the regulatory authorities’ efforts to protect domestic virtual currencies have gradually decreased with the introduction of regulatory policies. In practice, some regions will also find it difficult to file cases related to virtual currencies on the grounds that they are not protected. However, the author does not quite agree with the view that the acts of stealing private keys and mnemonics through non-technical means to transfer personal virtual currencies after the 924 Notice do not constitute a crime. The Bitcoin and Ethereum invested by individual citizens are purchased with equivalent legal tender, which is a high-risk investment target. If the theft of such investment products is not identified as a crime, it will inevitably lead to more virtual currency theft crimes.
In addition, although it is possible to obtain private keys and mnemonics through non-technical means to transfer other people's virtual currencies, the wallet address needs to be restored during the transfer and theft process. Can the act of transferring tokens by restoring the address be considered as an intrusion into a computer information system through technical means without authorization or consent from others? If the answer is yes, can it still be convicted of the crime of illegally obtaining computer information system data?
Summarize
Although virtual currency acts as a medium and tool for crime in many crimes due to its own characteristics, it is undeniable that it has certain technological innovations and financial attributes. Many developed countries are gradually improving regulatory laws and regulations to allow blockchain technology innovation to be quickly implemented and better serve the real world. It is hoped that regulatory authorities will not treat this innovative technology in a one-size-fits-all manner. While cracking down on crimes, they need to give it room for development. For virtual currencies such as Bitcoin that citizens invest in with real money, they should be given necessary protection when they are illegally occupied by criminals.