Bulletin

Is Code Law?

Fasken

Overview

TMT and FinTech Bulletin

Cicada 137 LLC v. Medjedovic[1] brings forward a cutting-edge question on cryptocurrency and similar open-source payment technologies. The trial judge addresses the potential argument “code is law” within the context of a teenager allegedly defrauding over $15 million in cryptocurrency.

Cicada 137 LLC v. Medjedovic – Code is not Always Law

This case involved an Anton Piller order, with the plaintiff seeking to recover passwords for an Ethereum wallet with approximately $15 million in cryptocurrency. The plaintiff and original holder of these tokens, Index Financial, asserts that the defendant, Mr. Medjedovic, hacked its system and defrauded participants of their assets. Index Finance sought the Anton Piller order so that the tokens would be turned over to an independent court official pending final judgment in the litigation.

Mr. Medjedovic executed a complex cyberattack that targeted an imperfection in the plaintiff’s code. Therefore, Justice Myers expected that the 19-year-old defendant would argue “code is law” as his defence. The Cicada decision is one of the first reported cases to engage with this legal theory. Justice Myers provides a summary at paragraphs 5 and 6 of how “code is law” would apply to blockchain technology:

If one is able to trade with a blockchain participant within the parameters of the programming code or the notional contract among the voluntary participants, the result is lawful whatever it may be… voluntary participants accept and are bound by the results of the use of the technology.[2]

“Code is law” refers to a laissez-faire contract theory that acts as an unofficial governing principle within cryptocurrency and other programming cultures. The theory asserts that if an action can be executed within the confines of the code governing a transaction, then that action should be considered just and fair. Therefore, discovered vulnerabilities may be lawfully exploited, so long as the exploit remains within the parameters of the code (i.e., no additional code is introduced, and the exploit relies entirely on existing and unmodified code). The underlying idea is that by using certain code, users accept all potential transactions that are possible using that code.

In the judicial sphere, the “code is law” theory implies that if the code permits an action, then the legal system should permit that action as well, and refuse to sanction or condemn it. Because cryptocurrency is built on blockchain technology, some academics propose that cryptocurrency transactions should be subject to the “code is law” theory.[3] This theory echoes the old common-law adage that “possession is nine-tenths of the law”. By contrast, the “code is law” argument goes even further, and implies that possession should be considered “ten tenths” of the law, as long as that possession was achieved via a transaction permitted by the existing code base, even if that transaction might be seen as an exploit or loophole or otherwise unintended transaction.[4] It would be fair to say that while courts are unlikely to endorse the “code is law” theory where it conflicts with statute or settled common-law principles, they have nonetheless struggled in how to accommodate cryptocurrency in many litigation scenarios.

Cryptocurrency and the Law

Given the nature of blockchain technologies, particularly cryptocurrency, courts have been playing catchup both technologically and legally. Indeed, even a few years ago, it is doubtful whether most courts were technologically equipped to receive cryptocurrency as part of a payment into court or other legal transaction. Canadian courts have therefore had to adapt when dealing with cryptocurrency’s unique attributes.

First, the technology is decentralized. In contrast to banks, crypto wallets are active 24 hours a day and transactions can be executed at any time and from anywhere. Transactions occur instantaneously on a peer-to-peer basis and in the absence of third-party oversight. Second, crypto wallets are generally intended to facilitate anonymous transactions in a decentralized manner. Therefore, the only way to access cryptocurrency is through the passphrase or crypto key – this can make it difficult to enlist the help of third parties like regulators, banks and law enforcement when dealing with cryptocurrency in litigation or attempting to enforce judgments. Finally, the system maintains “strict anonymity” for participants.[5] This again makes enforcement more difficult than would be the case with traditional national currencies and bank deposits.[6]

But courts are not powerless when dealing with cryptocurrency, and they have developed a number of innovative strategies to do justice in the face of new technologies. As a general rule, Canadian courts have refused to allow the unique nature of cryptocurrencies to frustrate the application of the law. In Li v Barber, the court is very clear that:

Digital funds are not immune from execution and seizure to satisfy a debt any more than a bank account provided the individual or institution which can access the funds are within the reach of a court order.[7]

In another case, Justice MacLeod subsequently issued a Mareva injunction that helped cut access to the crowdfunded cryptocurrency used in the Ottawa Blockade. Millions in cryptocurrency were seized by police and transferred to an Escrow Agent, where they will remain for the duration of the matter.

Along similar lines, the court in Copytrack Pte Ltd granted an order in favour of the plaintiff “to trace and recover the tokens in whatsoever hands they may be held.”[8] This remedy was in response to the defendant’s failure to return 530 Ether Tokens (worth about $495,000 CDN at the time) that had accidentally been transferred to him. In another case, the court reminds us that “Compliance is not a matter of discretion or choice on the part of litigants. Rather, compliance is fundamental to the proper administration of justice and maintenance of the rule of law.”[9] Yet again, the court is clear in its jurisdiction over cryptocurrency matters and its ability to provide a sufficient remedy.

In addition to civil remedies, criminal prosecution has sometimes led to the return of stolen cryptocurrency, either as part of a guilty plea and settlement, or as part of a restitution order issued after a finding of guilt at trial.[10]

Conclusion

The reality is that some dishonest defendants will continue to try to hide behind anonymity so long as it is present in the cryptocurrency system. However, case law to date illustrates that while the long arm of the law cannot always reach directly into crypto wallets to remove purloined assets, individual defendants remain well within its reach. Direct authority over individuals generally imparts indirect control over crypto wallets, since few people wish to live as fugitives indefinitely. So as long as individuals can be identified and brought to justice, “law is law” will continue to trump “code is law”.


[1] Cicada 137 LLC v Medjedovic, 2022 ONSC 369 [Cicada].
[2] Ibid at paras 5-6.
[3] Ibid at para 5.
[4] Recently, hackers stole approximately $600 million from a blockchain network connected to the popular Axie Infinity online game. This hack exploited a vulnerability at what is referred to as the Ronin Bridge. Bridges are used to import general cryptocurrencies like Ethereum or Stablecoins into separate ecosystems such as a video game’s in-game economy. While few details are known about the attack, the “code is law” argument would allow the attackers to keep the results as long as they did not introduce new code into the bridge. Olga Kharif, “Hackers stole US$600M in massive crypto heist and no one noticed for nearly a week”, National Post, (March 29, 2022), online: https://nationalpost.com/news/world/hackers-stole-us600m-in-massive-crypto-heist-and-no-one-noticed-for-nearly-a-week.
[5] See MiningSky Technology Ltd. v Zhang, 2021 BCSC 198 at para 3 [MiningSky]. MiningSky is a potential example of frustration, since the anonymity of cryptowallet transactions made it difficult for the plaintiff to identify the wrongdoer, given that multiple people had access to the wallet from which funds were stolen.
[6] Ibid.
[7] Li v Barber, 2022 ONSC 1176 at para 23 [Convoy].
[8] Copytrack Pte Ltd v Wall, 2018 BCSC 1709 at para 37.
[9] Shair.com Global Digital Services Inc. v Arnold, 2019 BCSC 870 at para 28.
[10] For an example of a forfeiture order issued after a guilty plea, see R v Vachon-Desjardins, 2022 ONCJ 43 at paras 40-42.
