NZLII Home | Databases | WorldLII | Search | Feedback

University of Otago Law Festschrifts

You are here:  NZLII >> Databases >> University of Otago Law Festschrifts >> 2016 >> [2016] OtaLawFS 13

Database Search | Name Search | Recent Articles | Noteup | LawCite | Download | Help

Fox, David --- "Cyber-currencies in private law" [2016] OtaLawFS 13; The Search for Certainty: essays in honour of John Smillie 129

Last Updated: 31 May 2019

David Fox*


This paper is about cyber-currencies and how they might be fitted into some well-established principles of private law. Cyber-currencies are recent inventions. The best known kind of cyber-currency, Bitcoin, was launched only in 2009. Since then most of the attention it has received from regulators and legal commentators has concentrated on how existing anti-money laundering regulations should apply to it; and how it should be characterised for the purposes of securities regulation or liability to tax.

Almost nothing has been said about the status of cyber-currencies in private law,1 and about the kinds of considerations that might be relevant to trustees who were thinking of using them as investment vehicles or as means of payment. Cybercurrencies are fundamentally different in their operation from conventional currencies even if, as I eventually conclude, they should be treated as a kind of money for some legal purposes. Any trustee who contemplated acquiring them would need to understand how the familiar rules of private law that apply to conventional currencies might need to be adapted if they were to apply to cybercurrencies.

There are real questions as to whether the private law of money can accommodate cyber-currencies at all. These questions arise in a newly emerging area. There are no direct authorities to rely upon. The answers have to be worked up from first principles, using whatever analogous authorities may be available. The answers I offer are unavoidably tentative but, I hope, are rather more than speculation.

I begin in the second section with a brief description of how cyber-currencies operate, concentrating on the main points of difference between them and conventional bank money. In the third section, I turn to the more fundamental

* Faculty of Law, University of Cambridge. In preparing this paper, I would like to acknowledge

my conversations with Dr Tatiana Cutts and other participants at the conference on “Controlling Cryptocurrencies” held at the University of Birmingham in June 2015.

  1. One rare exception in the United States is Shawn Bayern, “Dynamic Common Law and
    Technological Change: The Classification of Bitcoin” (2014) 71 Wash & Lee L Rev Online 22.

question of whether cyber-currencies might be treated as money in the estimation of the law. Another fundamental question is raised in the fourth section of the paper, which is whether cyber-currencies are property in the law. The status of cyber-currencies as money or property affects the way that some of the familiar rules of private law might apply to them. Some of these are considered in the fifth, sixth and seventh sections of the paper. I turn there to ask how some typical rules of personal property might apply to cyber-currencies, and whether they could be followed or traced when they are taken without authority from their owner or transferred in breach of trust. I consider also some of the private law actions that might be available to recover misapplied cyber-currencies from people who received them without authority.


I begin with a brief description of how cyber-currencies work and of the main differences between them and conventional intangible currencies. The description concentrates mainly on Bitcoin, which is the most frequently used cyber-currency and whose technical specification has received the most publicity.

Bitcoin was launched in 2009 as an internet-based electronic cash system.2 Its operation is governed by a privately devised software protocol rather any conventional payment system founded on contractual agreement or state regulation. Individual bitcoin units have no tangible existence. They consist in chains of encrypted information recorded in unique serial numbers. Bitcoins are produced by a process called “mining”. As we shall see shortly, private individuals – who can be anonymous to other system users – validate payment transactions between bitcoin users. The software issues these so-called “miners” with new bitcoins as a reward for their work. The precise number of coins allocated to them depends on the formula in the Bitcoin protocol. The analogy intended here is with the mining of precious metals, such as gold or silver. The person who mined the metal would sell it to the mint where it would be refined and struck into coins. In each case, the creation of new money depends on the effort of private people in exploiting a finite resource. The Bitcoin protocol limits the number of bitcoins that can be created to 21 million and it is expected that this total will mostly be reached by 2040.

2 See generally the resources available at <> and particularly Satoshi

Nakamoto “Bitcoin: A Peer-to-Peer Electronic Cash System” (2008) < bitcoin-paper>; Robleh Ali and others “The Economics of Digital Currencies” (2014) Q3 Bank of England Quarterly Bulletin; Robleh Ali and others “Innovations in Payment Technologies and the Emergence of Digital Currencies” (2014) Q3 Bank of England Quarterly Bulletin.

Intangible money is nothing new. The conventional bank money that people are familiar with, and which makes up the largest share of liquid money in modern financial systems, is also intangible. In terms of legal analysis, bank money is a chose in action. The holder of money has the benefit of a debt owed by a bank to himself or herself. The debt entitles the holder to payment in legal tender. In terms of its constitutive elements, bank money consists in a digital record of the account between the bank and the account-holder. Its value depends on the possibility of exchanging the units recorded in the account for goods or services in the “real world” or, increasingly nowadays, some consumer benefit existing only in cyber-space.

Analysed as means of payment, there are two fundamental differences between Bitcoin and conventional bank money. First, bitcoins are not choses in action. The unique chain of digitised information that constitutes each coin is a thing in itself. It is not a debt, or a legal claim for the delivery of some other thing. By comparison, bank money consists in a debt for payment of money in the form of legal tender.

Secondly, the fundamental purpose of Bitcoin is that transactions should be recorded on a distributed ledger, rather than through centralised intermediaries. Conventional bank money depends on the use of banks, which hold ledgers recording the state of each customer’s account. The flow of funds between a payer and a recipient is channelled through a network of intermediary banks. The bank acts as an agent in making payments on its customer’s behalf. It validates the customer’s payment instructions by checking that he or she has sufficient funds in the account before it releases the funds for the recipient in the payment transaction. The payment from the payer to the recipient consists in a series of changes made in the ledger records of the clearing banks that participate in the payment network. Ultimately, the payment flows between the clearing banks are combined and recorded in the ledger records of the central bank.

The Bitcoin protocol works instead in a distributed ledger. Payment transactions are not validated through a centralised intermediary, or through anything like a bank. Each bitcoin consists in a chain of encrypted information that records its unique transactional history. When a user wants to transfer a bitcoin to a new recipient, he or she issues an instruction on the network. The payer uses a so-called “public key” to sign the bitcoin and adds the public key of the recipient to the chain of information at the “end” of each coin. The transaction is time-stamped and is visible to other users on the network. Certain users on the network, the so-called “miners”, volunteer to take on the work of validating the payer’s authority to spend the bitcoin. They compete to solve a complex mathematical algorithm that verifies the chain of transactions on the payer’s bitcoin, and in that way they

validate his or her authority to pay it to the recipient. The miner who succeeds has his or her results published on the network. The miner is rewarded for his or her efforts in solving the algorithm. The system releases new bitcoins to the miner.

As each bitcoin passes from user to user, the transactional history recorded on the digital blockchain associated with it grows longer and longer. Nonetheless, the system is entirely anonymous in its operation. It does not record the “real-world” identity of the person who has control over a particular public key. The user publishes his or her public key to the rest of the system as a pseudonym for his or her real identity. So the payment history of a particular bitcoin can be discovered from the blockchain but not the identity of the people behind it. The user activates each payment instruction by also signing it with his or her so-called “private key”. As its name implies, the private key stays private to each user and is not published to other users.

Users may hold their bitcoins in a variety of different forms. The simplest is a wallet held directly on the user’s own hardware. The wallet is entirely virtual and consists in special software downloaded to the user’s own device. Online providers also offer wallet or vault services for their customers. The bitcoins are then held remotely from the user’s own hardware, but he or she accesses the wallet to issue payment instructions. Vault services are designed for longer-term storage of bitcoins, usually as investments. The vault service-providers offer a higher degree of encryption to protect the bitcoins.

Either way, the understanding that the service-providers seek to enforce is that the bitcoins remain the clients’ property. The account that the clients may hold with the service-providers does not operate in the same way as a conventional bank account. The relationship between them is not one of debtor and creditor. It seems to be intended that the clients’ rights in the bitcoins should be in some sense proprietary even when they are held remotely in an online wallet or vault. The clients are not limited to enforcing a personal right against the service-provider to order it to deliver up the bitcoins or to pay them away on the clients’ instructions.

The way that bitcoins are held has important consequences if they are stolen, as happens from time to time. If a hacker breaks into a wallet and steals coins, then the loss lies directly with the user. Unlike conventional bank money, the user has no recourse against an intermediary to make it “re-credit” the account with the amount of the unauthorised withdrawal. Some bitcoin wallet or vault service-providers may offer insurance against the risk of theft but this only goes to emphasise that the immediate loss lies with the user himself or herself. Absent any insurance cover, the user’s only recourse might be to try by private law action to

recover the stolen bitcoins from the thief or from a third party recipient to whom they were transferred.

One purpose of this paper is to consider how viable it might be for the user to bring those private law actions for recovery of misapplied cyber-currencies. This leads naturally to the first question that bears on that problem: whether cybercurrencies are money for the purposes of private law.


The common law has tended not to formulate a general conception of money, which makes it difficult to compare cyber-currencies with any standard legal definition. The view advanced in this section is that cyber-currencies are indeed a kind of money. Cyber-currencies are a privately-issued currency. They are tolerated, though not authorised, by the states where they circulate. They are not legal tender. Seen from the perspective of the state where they circulate, cyber-currencies are something analogous to a foreign currency, albeit one which is a private invention rather than something issued pursuant to the sovereign monetary authority of any state.

So far as there are any legal definitions of money, they tend to be specific to certain contexts: certain kinds of assets are money for the purposes of particular statutory definitions or legal rules. In fitting cyber-currencies into the private law relevant to trusts it is necessary to ask, for example, whether they are money for the purposes of the common law defence of good faith purchase for value; and whether they are money for the purposes of a common law restitutionary action for money had and received; or for the rules of following and tracing when money belonging to different persons is combined in a mixture.

The difficulty of defining money confronted Dr Francis Mann in his authoritative work on the Legal Aspect of Money, first published in 1938 and now in its seventh edition of 2012.3 Mann explained what money was in terms of its standard economic functions – medium of exchange, unit of account and store of value – and then related them to those assets that were clearly money according to any legal definition. He said that:4

3 Charles Proctor, Mann on the Legal Aspect of Money, 7th ed (Oxford University Press, Oxford,


  1. Frederick Mann, The Legal Aspect of Money, (1st ed, Oxford University Press, Oxford, 1938) at

“[T]he quality of being money is to be attributed to all chattels which, issued by the authority of the law and denominated with reference to a unit of account, are meant to serve as a universal medium of exchange”.

Mann’s definition confined money to those chattels that were legal tender in the state that issued them. The core sense of money was therefore limited to coins or banknotes issued by the state’s monetary authority, and denominated in its national unit of account. So for England, this would have limited the core definition of money to coins struck by the Royal Mint or bank notes issued by the Bank of England. Both are created under statutory authority and denominated in the pound sterling (or in fractional units of the pound). The pound sterling has long enjoyed legal recognition as the national unit of account of England and eventually, after the monetary unions with Scotland and Ireland, as the unit of account of the United Kingdom as a whole.

But this definition is obviously narrow in its coverage of the range of assets that serve monetary functions in the modern economy. It is also narrow in its reference to the range of assets that would be recognised as money in private law. Only about 3.5% of the liquid sterling held in the United Kingdom is represented by legal tender coins and notes.5 The remaining 96.5% is represented by intangible deposits of bank money which lack legal tender status. In terms of property law these holdings of bank money are analysed as intangible choses in action rather than tangibles.

For most private law purposes the legal understanding of money goes beyond the core sense of legal tender. The most important extension is bank money. Bank money is denominated in units of the national money of account. It can ultimately be reduced to payment in legal tender at par value. In all probability, very few people holding bank money would want to see it reduced in this way but it is the notional possibility of doing so that enables it to be treated as a kind of money in the law. Most state monetary systems are organised according to this legal structure: the state issues a primary form of money with legal tender status; the law then allows the creation of secondary forms of money – typically as debts denominated in the same units as the legal tender money – which can in principle be “cashed out” by the delivery of legal tender. They are treated as functionally equivalent to the legal tender money they are constructed from.

5 See Bank of England, “Money and Credit Statistical Release”, (April 2015) estimating

UK broad money (M4) holdings at approximately £1.8 trillion; and the Bank of England note circulation at approximately £64 billion: “Banknote statistics”, (April 2015) < www.>.

Against this conventional legal view of money we consider the status of cybercurrencies in private law. The first point of difference is obvious: cyber-currencies are not legal tender in any state where they circulate. But this difference says relatively little about their status as money since, as we have seen, the conventional bank money comprising the largest share of money in circulation is not legal tender either. The second point of distinction also turns out to be less significant than it might first seem: state monetary authorities have no role in supporting or issuing cyber-currencies. As we saw in the previous section, the operation of cyber-currencies is governed by a privately created protocol, and individual units are created by a process of mining performed by individual private actors.6 But this too does not definitely count against cyber-currencies being money in private law. Conventional bank money consists in debt obligations or credit granted by private banks to their customers. The state through its central bank exercises some regulatory oversight over the liabilities created by banks in favour of their customers. Nonetheless, the activity of banks in creating them remains a private endeavour.

In my view, the third difference raises the more difficult questions as to whether cyber-currencies should be treated as money in private law. Cyber-currencies are not denominated in terms of a unit of account that is legally identified with any particular state. Bank moneys held in a sterling, US dollar or euro account are privately-created currencies without legal tender status. But they are still denominated in the national currency units of a particular state, and consist in debts that are ultimately reducible to payment in the legal tender of those states.

Cyber-currencies, however, are denominated in a private unit of account which is not authorised by any state exercising sovereign power over a monetary system. While it is true that cyber-currencies can be exchanged for conventional currencies, this transactional process is not the same as happens, for example, when a sterling-denominated bank balance is reduced to sterling legal tender. The exchange between cyber and conventional currencies is made at the then-prevailing exchange rate between them. The rate varies according to movements in the market. In principle, however, bank money denominated in a conventional currency should always be cashed out at par. A state-created unit of account is identified with, and partly embodied in, the legal tender money issued by that state.

Despite this difference, cyber-currencies may still be treated as money in private law. They exist as media of exchange to be tendered and accepted in payment

6 See section 2 above.

for goods or services, rather than to be held or consumed for anything inherently useful in themselves. Their practical value consists in the expectation of the person receiving them that he or she can pass them on in return for other things having some use value. Cyber-currency systems have their own unit of account. It is identified with, and represented in, each notional cyber-coin tendered and accepted as a means of payment. It would be possible for debt obligations to be expressed directly in terms of cyber-currency units so that tender and receipt of the required number of cyber-coins would discharge the debt. Goods or services could be priced in terms of cyber-currency units. So returning to the economists’ three functions of money, it seems that cyber-currencies can serve as media of exchange and units of account.

The third economic function of money is that it serves as a store of value. This function perhaps follows as a consequence of the other two. The capacity of a currency to store value depends on the possibility that another person would be willing to accept it as payment for goods or services which have a value in use or consumption. True, there may seem to be a practical objection to cyber-currencies being treated as monetary stores of value. Common experience shows that they fluctuate widely in value against the conventional currencies for which they are exchanged and the real-world goods and services which are bought with them.7 As stores of value measured in purchasing power they seem inefficient compared to conventional currencies.

But this objection goes more to the practical utility of holding cyber-currencies than to undermine some essential attribute of their status as money. Even conventional money can only store value at a nominal rate. Any kind of money stores value in terms of the number of monetary units of account assigned to it by law (in the case of state-issued currencies) or by the protocol which governs its operation (in the case of privately-created cyber-currencies). Cyber-currencies may be relatively unstable as stores of purchasing power which may be a reason against using them as means of payment and cast doubt on their long-term suitability as investments. But it is not a reason against treating them as money since stable purchasing power has never been an essential attribute of money.

The greatest objection to treating cyber-currencies as money is they do not circulate widely. As of July 2014, there were almost 41 million addresses listed worldwide on the bitcoin blockchain but the number of users is likely to be far fewer since each

7 Between 2010 and 2012, the value of bitcoins remained constant at about 13 USD. It

then spiked in November 2013 to over 979 USD, before falling throughout 2014. Its value throughout 2015 has been about 240 USD. See <>.

user may possess several addresses.8 Most bitcoin transactions seem to be made as speculative investments rather than as payments in sale transactions. Modern common law understandings of money require that an asset must be generally acceptable in the state where it circulates.9 Otherwise it is simply treated as a prepaid token for goods or services. It would not be functionally different from the many local currencies that have sprung up in England recently, such as the Brixton pound or the Bristol pound.10 Unavoidably, the question whether a certain thing is money or not becomes one of degree, rather of than strict distinction in kind. Things may be more or less money-like depending on how widely they circulate.

Despite the doubts, the view advanced here is that cyber-currencies circulate widely enough and are sufficiently money-like to be treated as money for the purposes of private law.


A second question is whether cyber-currencies should be treated in law as property and, if so, what kind. The question would be important to any trustee considering purchasing cyber-currencies as investments or means of payment. The trustee has an obligation to get in the trust assets.11 In the absence of some authorised relationship of custodianship or nomineeship, the trustee is expected to hold the legal title to the assets. If cyber-currencies are not property, then the trustee (or the delegates acting on his or her behalf) would necessarily fail in that requirement. The proprietary status of cyber-currencies would also be relevant to the kinds of remedies that a trustee might bring to recover the currencies or their traceable proceeds if they were misapplied without authority under the trust instrument. A restitutionary action which depended on proof of a proprietary title would not be available. Similarly, proprietary claims, such as the enforcement of an interest under a constructive trust or equitable lien, would be out of the question.

The view advanced in this section is that there are good reasons for treating cybercurrencies as property in the estimation of the law. There are, however, real doubts on the authorities as to whether a court would reach that conclusion. This would at least put in doubt whether the trustee was duly exercising his or her duty of

8 Ali and others “The Economics of Digital Currencies”, above n 2.
9 Proctor, above n 3, at [1.68].

10 Compare Mona Naqvi, “Banknotes, Local Currencies and Central Bank Objectives” (2014) Q3 Bank of England Quarterly Bulletin.

11 See generally John McGhee (ed) Snell’s Equity (33rd ed, Sweet & Maxwell, London, 2015) at [29-004].

care and skill in choosing to invest in assets of uncertain proprietary status. Even if the investment in cyber-currencies was, in the end, held to be authorised on the ground that the currency was in fact property, the doubts about the proprietary status of cyber-currencies are of such a fundamental nature that the decision to acquire them might be treated as negligent.

Cyber-currencies do not fall into either of the conventionally recognised categories of personal property. They are neither choses in possession (as state-issued coins are) nor choses in action. Since they are intangible, they are incapable of physical possession. Proprietary actions in the law of torts, such as trespass or conversion, would not lie to protect a putative owner’s title to them. The prevailing view in English law, which the House of Lords in OBG Ltd v Allan has authoritatively affirmed, is that these actions depend on proof of interference with actual possession or a right to immediate possession of the subject matter of the claim.12 Conversion is not an action for the enforcement of ownership as such. Possession has been confined to its traditional sense, which requires some physical control over a tangible thing. An intangible thing cannot be possessed for the purposes of common law claims simply because one person is in a position to exercise complete control over access to it.13

Neither are cyber-currencies choses in action, like intangible bank money. This follows from the defining difference between cyber-currencies that work on a distributed ledger and the conventional currencies that depend on the existence of centralised intermediaries. In the simplest case, the holder of cyber-currency holds the relevant “coins” in a wallet as encrypted information on his or her own hardware. His or her ownership does not consist in the power to compel a debt for the payment of cyber-coins.

Cyber-currencies would only be treated as property if a third category of personal property were recognised apart from choses in possession or choses in action. The recent authorities are divided on whether there is such a third category that would accommodate other kinds of intangible things. On the one hand, Stephen Morris QC, sitting as a Deputy High Court Judge in Armstrong DLW GmbH

v Winnington Networks Ltd, accepted that the categories of personal property were not confined to choses in action and choses in possession.14 He returned to first principles about the defining features of property in the law, and held that a European Union carbon emissions allowance under a trading scheme was a species

12 OBG Ltd v Allan [2007] UKHL 21, [2008] 1 AC 1.

13 Your Response Ltd v Datastream Media Ltd [2014] EWCA Civ 281, [2015] QB 41; Environment Agency v Churngold Recycling [2014] EWCA Civ 909, [2015] Env LR 13.
14 Armstrong DLW GmbH v Winnington Networks Ltd [2012] EWHC 10 (Ch), [2013] Ch 156.

of property. The allowance created a transferable immunity from prosecution for exceeding a carbon emissions target. On the other hand, dicta of Moore-Bick and Floyd LJJ in Your Response Ltd v Datastream Business Media Ltd stand against the view that there is a third category of personal property.15 A second objection from that case is that information has never as such been treated as property, although the physical medium on which it is recorded may be property. Either objection may prevent a conclusion that cyber-coins are property. The second would be particularly problematic since, when reduced to their constitutive elements, cybercoins consist of strings of encrypted information recorded on physical hardware.

Despite these objections, it is instructive to apply the tests used in Armstrong DLW GmbH v Winnington Networks Ltd for determining whether an intangible asset might be treated as property for legal purposes. The Deputy High Court judge, Stephen Morris QC, held that the intangible carbon allowance was property. It was definable (to the extent of having a unique reference number), and identifiable by third parties. It could be assumed by third parties. It had permanence and stability, and was capable of existing in an account until it was transferred. It subsisted over time.16

Cyber-currencies satisfy all these criteria. Each cyber-coin is definable by its own unique transactional history recorded on the blockchain. Third party users of the system can distinguish individual cyber-coins even when they are associated with the public key of a different user. The purpose of the coins as means of payment assumes they must be transferable to third parties, and experience shows that this is in fact the case. The effect of payment is that the recipient assumes the same powers of spending the coins as the former holder enjoyed. They are as permanent and stable in their existence as any intangible bank currency. They exist over time. So long as the digital records of their creation and transfer survive then the coins themselves continue to subsist (indeed in this respect, they are perhaps no more vulnerable to destruction than conventional bank money). The recognition that cyber-coins may be property is not hampered by any lack of legal remedies available to enforce the owner’s title to them. As we shall see, the owner’s legal or equitable title could be protected by restitutionary actions, as was true for the carbon allowances in Armstrong DLW GmbH v Winnington Networks Ltd.17 It would be unnecessary to argue for some fictitious extension of the legal concept of possession to bring them within the protection of the law of torts.

15 Your Response Ltd v Datastream Media Ltd [2014] EWCA Civ 281, [2015] QB 41.

16 Armstrong DLW GmbH v Winnington Networks Ltd [2012] EWHC 10 (Ch), [2013] Ch 156, at [50].

17 See section 7 below.

We are left nonetheless with the objections raised in Your Response Ltd v Datastream Business Media Ltd to treating information as property.18 There are perhaps two grounds for distinguishing the dicta in that case. The first is that the main issue was whether a database service-provider could exercise a common law possessory lien over the client’s database of magazine subscribers when the client failed to pay the full fees due under the contract. The case was an attempt to extend traditional common law actions and remedies, which depend on possession of tangible property, to an intangible thing. The Court of Appeal declined to accept that the notion of possession could be extended to include the service-provider’s control over an intangible thing, such as a database. To have done so would have conflicted with the authoritative view of the House of Lords in OBG Ltd v Allan that the tort of conversion would not lie where a person interfered with the performance of a contractual obligation by wrongfully cancelling or compromising a monetary debt.19 All that made sense in the context of the case. But the question whether a cyber-coin should be regarded as property does not depend on any analogy with the possession of tangible things or the kinds of tort action that enforce possessory rights to tangibles.

A second possible ground for distinguishing the objections in Your Response Ltd v Datastream Business Media Ltd is that the understanding of information discussed in that case is perhaps not transferable to a cyber-coin.20 Like the cyber-coin, the database would have consisted in digital items recorded on system hardware. Their functional effect was only to express readable information about the defendant’s magazine subscribers. But the digital information constituting the cyber-coin exists to create a thing different from itself. That thing would serve as a medium of payment, having functions directly analogous to those of conventional currencies. True, the cyber-coin may consist in information. But the whole, seen in terms of its function, is perhaps greater than the sum of its informational parts.

On balance, I think that cyber-currencies should be treated as property. I acknowledge, however, that there are real doubts whether that conclusion would follow given the approach in some of the recent case law. Those doubts might weigh heavily in the mind of a trustee thinking of investing in them.

18 Your Response Ltd v Datastream Media Ltd [2014] EWCA Civ 281, [2015] QB 41.
19 OBG Ltd v Allan [2007] UKHL 21, [2008] 1 AC 1.
20 Your Response Ltd v Datastream Media Ltd [2014] EWCA Civ 281, [2015] QB 41.


If cyber-currencies are property, then it would follow that a person may have a legal title to them. The rules of title would be the same as applied to personal property generally, with some modifications to allow for their special status as a kind of money. Cyber-currencies could be held on trust so that a beneficiary would have an equitable title to them. This section develops two special points about applying the conventional rules of title to cyber-currencies: the relevance of the blockchain associated to each cyber-coin, and the application of the defence of good faith purchase for value.

We saw that one distinguishing feature of cyber-currencies is that each coin carries a digitised record of its unique transactional history.21 It is possible to follow the transactional chain through which the coin has passed since it was first created by mining. While the blockchain may provide conclusive evidence of the transactional links, it is not constitutive of the holder’s legal title to the coin. The record of a particular holder’s public key on the blockchain does not have the same effect, for example, as the registration of a person as the proprietor of a legal estate in land. Thus a block showing that the coin passed from a transferor, A, to a transferee, B, does not necessarily constitute B as the holder of the coin with an indefeasible title if the transaction between them proves to be void or voidable according to conventional rules of property law. Title to a cyber-coin should depend on the general rule that one person can confer no better title on a transferee than he or she actually has. So if B is a hacker who has stolen coins from A’s wallet, B’s title should be void at law even though the blockchain records the coins as having passed to B. Subject to what is said below about good faith purchase for value, B could not confer a valid title on the next transferee of the coin, C. As a starting point, A’s title to the money should survive and be enforceable against subsequent transferees whose public keys may be recorded in the blockchain.

Good faith purchase for value is a large exception to this basic rule about the passing of title to cyber-coins. The defence comes in an equitable and a legal form. An equitable title to any kind of personal property is extinguished once a person takes a transfer of the legal interest as a good faith purchase for value.22 This usual defence should also apply to cyber-coins. The defence does not depend on whether they are treated for legal purposes as a kind of money.

21 See section 2 above.

22 See generally McGhee, above n 11, at [4.017-4.041].

Alongside this is the less known common law defence of good faith purchase for value, which applies uniquely to money and, in codified form, to negotiable instruments such as bills of exchange and promissory notes.23 Its effect is to create a fresh, indefeasible legal title in a transferee who receives money in good faith and for value. It makes the recipient immune from the claim of any previous holder who might otherwise have retained a proprietary interest in the money. So in the example given above, if C received A’s stolen cyber-coins, taking them in good faith from the thief B, in return for a valuable consideration, then C could defeat any proprietary claim to the coins or their traceable proceeds in C’s hands. Neither would C be liable to A in a common law restitutionary action for money had and received since that depends on proof that A retained a legal title to the money received by C.24

The common law defence of good faith purchase could only apply to cybercurrencies if they were treated as money. For the reasons given in the previous section, my view is that they should be so treated, and the defence should therefore be extended to them. Historical experience shows that the application of the common law defence depends on whether a certain kind of asset functions as money rather than on the category of property the asset belongs to. Thus the defence which was originally thought to apply to coins was extended to banknotes when they began to circulate as the functional equivalents of coins during the eighteenth century.25 It has been assumed since then that it applies to bank money in the form of choses in action.26 There is therefore reason to think that it might apply to cyber-coins when they are transferred from one person to another as a means of payment.

Whether in equity or at law, the application of good faith purchase to cybercurrencies may involve some distinctive considerations. Bad faith in this context is identified with dishonesty or with taking a commercially unacceptable risk that the money derives from a tainted source.27 A person does not act in bad faith

23 Miller v Race [1758] EngR 129; (1758) 1 Burr 452; Clarke v Shee [1774] EngR 107; (1774) 1 Cowp 197; Bills of Exchange Act 1882, s 29.

24 By analogy with Lipkin Gorman v Karpnale Ltd [1991] 2 AC 548, discussed in section 7 below.

25 David Fox, “Bona Fide Purchase and the Currency of Money” [1996] CLJ 547; and David Fox, Property Rights in Money (Oxford University Press, Oxford, 2008) at [8.10-8.13].

26 This assumed in the rule that a bank receiving trust money in good faith and in discharge of its customer’s overdraft takes an indefeasible title to it: Quistclose Investments Ltd v Rolls Razor Ltd [1970] AC 567; Bishopsgate v Homan [1994] EWCA Civ 33; [1995] 1 All ER 347.

27 Armstrong DLW GmbH v Winnington Networks Ltd [2012] EWHC 10 (Ch), [2013] Ch 156 at [100]- [102] and [106]-[123], applying Niru Battery Manufacturing Co v Milestone Trading Ltd [2002] All ER (Comm) 705.

merely because he or she might have been negligent in failing to realise some fact or because there was some objective reason why he or she should have believed it.28 A person may be fixed with notice of facts where he or she knew circumstances that would have indicated the facts to an honest and reasonable person or, at the very least, put that reasonable person on inquiry.29 Doctrines of constructive notice can have a place in routine transactions where money is paid but only if the standard of inquiry is modified to allow for the ordinary practices observed in typical payment transactions. A recipient of money is not expected to make all the exhaustive inquiries into title that would routinely be expected in a conveyance of land. Unless the recipient is alerted to the possibility of wrongdoing, he or she is entitled to proceed on the assumption that the transaction is untainted.30

What would be sufficient to put the reasonable recipient of a cyber-coin on inquiry about any unlawful provenance it might have? Given that many cybercurrency payments happen anonymously, there may be nothing in the identity of the transferor that could put the recipient on notice. In principle, however, the entire transactional history of a cyber-coin is discoverable in a way that is impossible with payments of conventional coins, banknotes or bank money. When a miner validates a proposed payment, he or she confirms the transactional history recorded in the blockchain. By expert clustering analysis, it is possible to determine the probability that a certain public key recorded on the blockchain may be associated with an identified person in the real world.31 The probability that a particular cyber-coin might have passed through a tainted source, such as a public key known to be associated with money laundering, can be ascertained.

Although information of this kind is discoverable, it seems unlikely that the recipient of a cyber-coin in a routine transaction should have any reason to be fixed with notice of it. Anonymity is assumed to be the norm and there are no routine “know your customer” procedures applying to cyber-currency payments. Information about the tainted provenance of individual cyber-coins may be discoverable by specialised forensic techniques. But there is as yet no standard

28 Armstrong DLW GmbH v Winnington Networks Ltd [2012] EWHC 10 (Ch), [2013] Ch 156 at [110].

29 Armstrong DLW GmbH v Winnington Networks Ltd [2012] EWHC 10 (Ch), [2013] Ch 156 at [121]- [123].

30 Macmillan Inc v Bishopsgate Investment Trust plc (No 3) [1995] 3 All ER 747 at 769 per Millett J, affirmed on other grounds [1995] EWCA Civ 55; [1996] 1 All ER 585 (CA); Armstrong DLW GmbH v Winnington Networks Ltd [2012] EWHC 10 (Ch), [2013] Ch 156 at [121] and [288].

31 See Sarah Meiklejohn and others, “A Fistful of Bitcoins: Characterizing Payments among Men with No Names” (December 2013) University of California <http://cseweb.ucsd. edu/~smeiklejohn/> .

practice of applying them to routine payments. A recipient’s failure to follow these techniques would not in itself be a ground for fixing him or her with constructive notice of the facts they might have revealed. It should not be enough to put a recipient on notice of a particular unlawful transaction that he or she has some general knowledge that cyber-currencies are often associated with unlawful activities, such as money laundering.32

The facts needed to put a person on notice may be the same as would support an inference of bad faith in him or her. Unless the recipient of a cyber-coin has sufficiently direct knowledge to make his or her acceptance of the coin dishonest, or for him or her to be taking a commercially unacceptable risk, then in all probability he or she will take it as a good faith purchaser for value. The evidence which might cast doubt on his or her good faith or degree of notice would need to come from extrinsic sources. It would be exceptionally rare that it could be inferred from the recipient’s knowledge of the blockchain itself.

In many transactions where cyber-coins were transferred for value, the recipient would take an indefeasible legal and equitable title. The title of any former holder of the coin would be extinguished.


If cyber-currencies were property then they could be followed from one holder to another and their value traced into substituted assets. This may provide a foundation for a proprietary claim enforced against a person identified as holding them, or a claim for restitution of their value through a common law action for money had and received, or an equitable claim for knowing receipt.33 The transactional history recorded on the blockchain would identify the public key of each transferee. But evidence extrinsic to the coin itself would be needed to identify the person behind each transactional stage. Unlike the following and tracing of traditional currencies, the challenge may be less in plotting the passage of the money from its source to its destination than in identifying the persons behind each point of this process. A second difference may be that cyber-coins cannot be mixed in ways that cause them completely to lose their distinguishing identity. Nonetheless, the presumptions of evidence for differentiating mixtures of conventional money may have some place in mixtures of cyber-currencies.

32 Compare Abou-Rahmah v Abacha [2006] EWCA Civ 1492, [2007] WTLR 1 at [72] per Arden LJ and [98] per Pill LJ (in the context of dishonest assistance in breach of fiduciary duty).
33 See section 7 below.

“Following is the process of following the same asset as it moves from hand to hand. Tracing is a process of identifying a new asset as the substitute for the old.”34 The process of following a cyber-coin between transfers is in some ways easier than following conventional currencies. Each coin is identified by its distinctive blockchain which records its transactional history as it passes from one public key to another. There is a strong analogy with the following of a tangible coin from one person to another. In each case it is the same thing which is identified as passing between the persons. The contrast is with the passage of intangible conventional currencies through a bank payment clearing system. Strictly, the money is traced rather than followed. Each stage in the system represents the substitution of a new chose in action for an earlier one. The transactional links between them are defined by the rules of the payment system.35

In principle, there seems no reason against tracing from a cyber-coin into a substituted asset acquired in exchange for it. The main motivation may be that the cyber-coin itself was paid to a good faith purchaser for value. On the view advanced in the previous section the coin should be treated as money, which would extinguish any retained legal or equitable interest that the claimant might have had in the coin. While it may be possible to follow the coin, the claimant might have lost any interest to enforce against it. He or she would only be left with a claim to the traceable proceeds substituted for it.

One of the main obstacles to following or tracing conventional currencies is that the proceeds of the claimant’s original money may become mixed with the money of the defaulting trustee or a third person. The effect may be to obscure the identity of the proceeds or to force the claimant to quantify and distinguish his or her own contribution to a mixed fund from that of another contributor. Equity has developed its familiar evidential presumptions for quantifying the relative shares in a mixed fund of money and for allocating losses from the mixture to one contributor to another.36 The much criticised rule of the common law is that a legal interest in money cannot be followed through a mixture. Each unit of currency lacks any distinguishing features that could identify it as the property of one person rather than another.37

If the notion of mixture has any relevance at all to cyber-currencies, then it would have to entail something different from the analysis of a mixture of conventional

34 Foskett v McKeown [2000] UKHL 29; [2001] 1 AC 102 at 127 per Lord Millett.
35 Fox Property Rights in Money, above n 25, at ch 5.
36 See generally McGhee, above n 11, at [30-056]-[30-062].

37 Lipkin Gorman (a firm) v Karpnale Ltd [1991] 2 AC 548 at 572 per Lord Goff; Trustee of the Property of FC Jones & Sons v Jones [1997] Ch 159 at 169 per Millett LJ.

currencies. The appropriate analogy to draw would be the following of tangible coins through a physical mixture rather than the following of monetary value through a conventional bank account. Cyber-coins are money things rather than debts for the payment of money. The evidential presumptions for following “money” into and through bank accounts work by allocating the units of monetary value represented in a single debt owed by the bank to its account holder. The defining feature of a distributed cyber-currency system is that it does not consist in debts owed by a centralised intermediary.

At the very least, this should mean that there is no justification at all for applying the rule in Clayton’s Case to mixtures of cyber-coins belonging to two innocent claimants.38 The rule is summed up in the maxim “first in first out”. Withdrawals from the account are deemed to be drawn against the deposits first made to it. The rule has its critics – and justifiably so – even in relation to mixtures in conventional bank accounts. But since the rule depends on the order of payments and withdrawals in a bank account, it is by definition irrelevant to mixtures of cyber-coins. If cyber-coins belonging to two or more innocent parties were mixed, then withdrawals from the mixture might be borne proportionately among them.39

The question of how cyber-coins are “mixed” depends on the distinctive mechanics of the payment processes applying to them.40 Coins derived from different payers’ public keys may come to be associated with the public key of a single recipient. To some degree, every coin (or fractional unit of a coin) retains a distinct identity at the recipient’s public key owing to its unique transactional history on the blockchain. In an absolute sense, it may be that no coin becomes so inextricably mixed that any possibility of distinguishing it from others is wholly excluded.

But identification is always a matter of degree depending on the sufficiency of proof at hand. Cryptographic studies indicate that dishonest users of the cybercurrency systems resort to distinctive payment techniques to obscure the following of stolen cyber-coins. They may “split” large amounts of cyber-coins between two or more public keys. They may create “peeling chains” where small amounts are peeled off from large holdings of coins held at a single public key. The peeled chains are then re-combined, and the peeling process repeated.

Even routine honest payments proceed by a technique which is different from tangible coins. Suppose for example that A wishes to buy goods from B which are priced at 1 cyber-coin unit, and A has 25 cyber-coins obtained in a previous

38 Clayton’s Case [1815] EngR 77; (1816) 1 Mer 572.
39 Compare Barlow Clowes International Ltd (in liquidation) v Vaughan [1991] EWCA Civ 11; [1992] 4 All ER 22.
40 Meiklejohn, above n 31.

transaction. The payment procedure requires A to pay B the entire parcel of 25 coins, and B to pay A 24 coins in change. The goods and the 24 coins become the traceable substitute for A’s original 25 coins.

The effect is that the following and tracing of specific cyber-coins can be made very difficult even if, in some absolute sense, the units remain distinctly identifiable. Cyber-coins derived from an innocent claimant or belonging to a third party could become associated with other coins attached to the public key of a thief or defaulting fiduciary. There is reason to think that the rules in Re Hallett’s Estate and Re Oatway should be relevant to allocating the value contained in mixtures of cyber-coins.41 They may cut through evidential uncertainty presented by the complexity of the digital data associated with the mixture of the coins. Properly understood, the rules in Re Hallett’s Estate and Re Oatway depend on the general presumption that a wrongdoer should bear the losses resulting from evidential uncertainties arising from his or her own conduct. The rules are consistent with a more general approach to allocating the burden of proof where a wrongdoer obscures evidence of a claim against him or her.42 Their rationale does not depend on anything specific to the analysis or operation of conventional bank accounts.


I turn finally to consider the actions that may be available to enforce a claimant’s title to wrongfully transferred cyber-currency. A claimant who has retained a legal title to cyber-coins might enforce it by a restitutionary action for money had and received. A trust beneficiary with an equitable title might enforce it by an action for knowing receipt of property. It seems that both would lie for the receipt of intangible money. They focus on the money received as a repository of value, rather than as a tangible thing. Unlike an action in conversion, they do not require the claimant to have any right to possession of the thing which the defendant wrongfully interferes with.

Both claims require the recipient to restore the amount of money that he or she first received. They are proprietary claims only in the sense that they require the claimant to have had a title to the money when the defendant received it. They therefore require the claimant to follow or trace the money as far as the defendant. But the remedy in each is personal. The claimant recovers an amount of money equivalent to the sum received by the defendant since the claim crystallises at

41 Re Hallett’s Estate (1879) 13 Ch D 696; Re Oatway [1903] 2 Ch 356.

42 El Ajou v Dollar Land Holdings plc (No 1) [1993] 3 All ER 717 (Millett J); affirmed on this point [1993] EWCA Civ 4; [1994] 2 All ER 685 (CA).

that point. This has the advantage that the claimant is not concerned to follow or trace his or her money beyond the point where the defendant received it. The corresponding disadvantage is that the claimant does not take any priority if the defendant is insolvent.

The most prominent modern application of the common law action for restitution is Lipkin Gorman v Karpnale Ltd.43 In that case a gambling club received the traceable proceeds of money which a dishonest partner in a solicitors’ firm drew from the partnership account without his partners’ authority. Since the liability in the action is strict, the club was held liable for the amount received even though it was found that the club had acted in good faith. The club could not argue that it had defeated the claimant’s title by taking the money as a good faith purchaser for value without notice. It gave no consideration for the payment since it received the money under a void gaming contract. The club did, however, succeed on a defence of change of position to the extent that it paid out the winnings on the gambler’s occasional successful bets.

The case proceeded on a concession that the gambling solicitor had not mixed the money before paying it on to the defendant. Usually, a thief mixes the money he or she steals. Since the rule remains that the common law rules of identification do not allow money to be followed through a mixture, this usually becomes an insurmountable obstacle to a claimant suing successfully on a common law claim for restitution. The claimant cannot identify a specific connection between the money first stolen and the money eventually received by the defendant. The effect has been to curtail the practical relevance of the common law claim as a means of recovering stolen money.44

There is some reason to think that the common law claim may be more relevant to the recovery of stolen cyber-currencies than conventional currencies. We saw in the last section that the unique blockchain associated with each cyber-coin may provide some evidential basis enabling them to be followed through a mixture. If so, the mixture of cyber-coins might not be an absolute obstacle to tracing or a reason for extinguishing the claimant’s legal title to them.45 The common law restitutionary action, which is a practical dead-letter in claims to recover stolen

43 Lipkin Gorman v Karpnale Ltd [1991] 2 AC 548.

44 A second effect has been the development of equitable actions which treat a thief as a constructive trustee. The victim of an ordinary theft acquires an equitable title, enabling him or her to circumvent the rule that money cannot be traced through a mixture at common law: Westdeutsche Landesbank Girozentrale v Islington LBC [1996] UKHL 12; [1996] AC 669 at 715-716.

45 Westdeutsche Landesbank Girozentrale v Islington LBC [1994] All ER 890 at 917 per Hobhouse J; Lipkin Gorman (a firm) v Karpnale Ltd [1991] 2 AC 548.

conventional currencies, might find a new relevance. All this would depend, as we have seen, on the application of specialist decryption techniques, and the possibility of matching public keys with real-world identities.

In equity, the corresponding action available to the beneficiary of a trust – or to a trustee suing on his or her behalf – would be one for knowing receipt. The third person to whom the misapplied cyber-coins were followed or traced would be liable as a constructive trustee for the amount of money received beneficially in his or her own right. The recipient’s liability would not depend on the cyber-coins being characterised as money. Although conventional currencies in their various forms are the most common subject of the action, it has also been held to lie where the defendant has received non-money chattels.46

The pre-condition to liability is that the recipient must have had such knowledge of the unlawful provenance of the money to make it unconscionable for him or her to keep the benefit of it.47 At the very least, this entails that on the facts actually known to the recipient, a reasonable person would either have appreciated that the transfer was probably in breach of trust or would have made inquiries or sought advice which would have revealed the probability of the breach of trust.48 The same considerations affecting the standard of notice in the defence of good faith purchase for value would be relevant to whether the recipient had unconscionable knowledge. It seems that some allowance would have to be made for the usual exigencies of ordinary payment transactions. Even recipients of conventional currencies do not routinely inquire into the title of the persons paying them. In cyber-currency payment systems, anonymity between the payer and recipient is not only the norm but is often the very reason why they have resorted to using cyber-coins. The evidence that might put a recipient on inquiry would have to be extrinsic to the payment system itself. The blockchain would not itself reveal whether certain cyber-coins were the proceeds of a theft or an unauthorised transaction. In all, it would be rare that an action for knowing receipt would succeed.


This paper has made the argument that cyber-currencies should be treated as a kind of money and a kind of property, at least for the purposes of fitting them

46 Re Montague’s ST [1987] Ch 264 (personal chattels).
47 BCCI (Overseas) Ltd v Akindele [2001] Ch 437.

48 Armstrong DLW GmbH v Winnington Networks Ltd [2012] EWHC 10 (Ch), [2013] Ch 156 at [132].

within some well-established rules of private law. To that extent, there should be no absolute reason against a trustee acquiring them as means of payment or forms of investment.

But even putting the arguments at their strongest, the doubts about how cybercurrencies would be accommodated in private law should give a reasonably prudent trustee real cause for concern. The things that may be technically possible in private law are not necessarily prudent for a trustee to undertake.

NZLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback