i46 logo white

Securing Crypto Exchanges: Legal Strategies Amid Rising Cybersecurity Challenges

Securing Crypto Exchanges: Legal Strategies Amid Rising Cybersecurity Challenges

A recent piece from Bloomberg Law sheds light on a notable decline in active civil suits against cryptocurrency exchanges, digital wallet providers, mobile phone companies, and other entities concerning claims linked to crypto hacking incidents or cybertheft. This drop is partly credited to heightened security measures and concerted legal strategies in electronic contracting. These strategies have led to updated terms of service provisions and a shift of such cases towards arbitration. The report also indicates that providers have revisited user agreements to update limitations of liability clauses and class action waivers. These legal maneuvers are crucial given the persistent threats of crypto theft, protocol exploitation, and wallet hacks, as highlighted in a recent crypto crime report from Chainalysis. Although the amount of stolen funds has halved from the previous year, the number of individual hacking incidents has increased.

The importance of enforceable terms was highlighted in a recent appeals court ruling where the Ninth Circuit rejected a user’s challenge to a crypto exchange’s arbitration provision. In this case, the Ninth Circuit overturned a district court decision denying cryptocurrency exchange Coinbase, Inc.’s motion to compel arbitration of claims brought by Plaintiff Abraham Bielski related to an alleged unauthorized and fraudulent transfer of funds from his Coinbase account by cyberthieves. The appeals court found the delegation provision included in Coinbase’s arbitration agreement enforceable, rejecting arguments of unconscionability.

Coinbase’s user agreement contained an arbitration agreement with a delegation provision, delegating any dispute arising from the agreement to the arbitrator, including questions of enforceability. When Plaintiff filed suit, Coinbase moved to compel arbitration, arguing that under the user agreement, Plaintiff’s claims and questions of arbitrability belong to an arbitrator, not the court. Plaintiff challenged the provision’s enforceability, alleging procedural and substantive unconscionability, adhesion contract characteristics, lack of mutuality, and imposing one-sided pre-arbitration procedures.

Although the district court sided with Plaintiff, the Ninth Circuit reversed on appeal. The court noted that in evaluating an unconscionability challenge to a delegation provision under California law, it must interpret the provision in the context of the entire agreement. While acknowledging some procedural unconscionability, the court found the agreement’s pre-arbitration dispute resolution procedures reasonable. Ultimately, the court deemed the delegation provision enforceable.

Apart from Plaintiff Bielski’s claims, the Third Amended Complaint included two other named plaintiffs. While the case was pending in early 2023, Coinbase moved to compel arbitration for these plaintiffs’ claims and dismiss other claims on merit. However, oral arguments were postponed due to pending appeals. In a recent Order, the court allowed additional time for parties to confer on how to proceed with pending motions to compel arbitration in light of the Ninth Circuit’s decision. Coinbase has moved to dismiss or compel arbitration for the remaining defendants, opposed by the two other named plaintiffs; oral arguments are scheduled for later this spring.

Regardless of the litigation’s outcome, the Ninth Circuit’s decision emphasizes the importance of sound online contracting practices. As previously discussed, having enforceable terms presented clearly in a mandatory user interface and avoiding unconscionability challenges are crucial for online entities, including crypto-related companies, to mitigate litigation and liability risks.