1. Home >
  2. Perspectives >
  3. Data and privacy >
  4. RPC Law x Web3: If There's Something Strange in the Web3 World, Who You Gonna Call?

SHARE:

Subscribe

RPC Law x Web3: If There's Something Strange in the Web3 World, Who You Gonna Call?

06 December 2022. Published by Selina Toh, Senior Associate and Nicholas Lauw, Partner and Yuankai Lin, Partner

"And the way we win is by creating a new, democratic, decentralised internet, one where the behaviour of companies like this will be impossible forever. One where it is the users, not the kings, who have sovereign control over their data." - Richard Hendricks, in the HBO TV Series "Silicon Valley", portrayed by Thomas Middleditch

What is Web3? 

Web3 (otherwise known as Web 3.0) is viewed as the next iteration of the world wide web. A main advantage Web3 is touted to have over its predecessors is that it is built on the basis of a decentralised IT architecture, the Blockchain. Through decentralization, Web3 has the potential to shift control over data and digital assets away from the "big tech" companies towards individual users. 

However, decentralisation is a double-edged sword, especially when there are no central regulators to ensure Web3 users comply with the laws.  

In DeFi-ance of the Laws 

Synonymous with the rise of Web3 is the emergence of a new ecosystem known as decentralised financing (DeFi), which uses cryptocurrency and blockchain technology to manage financial transactions. DeFi transactions are run by protocols or autonomous programs which promotes direct peer-to-peer (P2P) transactions and eliminates traditional middlemen such as banks.  

The Web3 and its DeFi constituent are no strangers to fraudulent activity and other criminal acts given their decentralized nature. According to a report by CertiK, a blockchain auditing and security company, Web3 projects have seen approximately USD 2 billion worth of stolen digital assets in the first six months of 2022.  Some of the largest crypto hacks this year were also conducted on DeFi protocols, including the hack of over USD 600 million from gaming-focused blockchain network that supports the popular video game Axie Infinity. 

Asset Recovery

The constant state of evolution and development of technologies has given rise to more nuanced and complex forms of scams and other crimes that are hard to predict, making the Web3 a convoluted area to administer. It remains to be seen whether new laws and regulations are required to govern the unprecedented changes that are underway, as users attempt to navigate their way through the unchartered waters of the Web3.  The jury is out as to whether new areas of law have to be cultivated to cater to this brave new world. In the meantime, potential plaintiffs will have to rely on the more traditional inventory of interim relief for asset recovery:-

a. Mandatory/Prohibitory Injunction: a victim may apply for a mandatory or prohibitory injunction which respectively compels or restrains (as the case may be) any person from performing specific acts in respect of the stolen digital assets. 

b. Mareva injunction (or freezing order): a victim may apply for a freezing order to seize and secure stolen digital assets. An application for a Mareva injunction is usually taken out at the same time as commencement of the civil proceedings, so as to ensure that the defendant does not have notice of the proceedings and time to shift assets.

c. Anton Piller order: to obtain evidence required for a civil suit, a victim may apply to search premises and seize evidence by way of an Anton Piller order. Similar to a Mareva injunction, this is usually done at the same time as commencement of the civil proceedings, so as to ensure that the defendant does not have notice of the proceedings and time to destroy evidence. 

d. Third party discovery: where documents and/or information are required in furtherance of commencing civil proceedings, a victim may apply to obtain the said evidence from a third party (instead of the defendant) under certain circumstances. This is useful, for instance, for the victim to trace the property which he/she has been defrauded of to the wrongdoer where the identity of the defendant has not been identified.  

In CLM v CLN [2022] SGHC 46 ("CLM") which involved cryptocurrency theft, the Singapore High Court granted a proprietary injunction and a freezing order against persons unknown as the description of the unknown defendants was sufficiently certain to identify both those who are included and those who are not. The court also considered that cryptocurrencies satisfied the legal characteristics of property as they were definable, identifiable by third parties, capable in its nature of assumption by third parties, and have some degree of permanence or stability.  In granting the freezing order, the court was alive to the heightened risk of dissipation in the virtual world where digital wallets may be created to frustrate any tracing and recovery efforts, and where cryptocurrencies may be transferred swiftly with the click of a button. The plaintiff also obtained disclosure orders against the cryptocurrency exchanges (where portions of the stolen cryptocurrency assets had been transferred) to understand what remained of the stolen crypto assets and their whereabouts. 

Commentary

While the Web3's blockchain technology boasts tightened security due to its ability to log the digital footprints of every single transaction, users need to be aware of its potential vulnerabilities and exploits in order to better safeguard their digital assets. Users may seek solace in recent legal developments such CLM which demonstrates the Singapore courts' willingness and ability to apply traditional legal principles towards the modern digital world, in order to come up with practical legal remedies for the victims of such crimes.