Last month saw the collapse of a foundational member of the Bitcoin community, Mt. Gox. A class action lawsuit, that will likely be one of many, has been filed in Illinois against former the bitcoin exchange industry leader, its parent companies, and Mark Karpeles, Mt. Gox’s sole director (Gregory Greene v Mt. Gox Incet al, U.S. District Court, Northern District of Illinois, No. 14-01437). The exchange has filed for bankruptcy protection in Japan and, subsequent to the institution of class action proceedings, in the United States as well.
Although the bankruptcy filing temporarily suspends the class action, the suit raises important questions about the standard of care incumbent on crypto currency exchanges and similar services in safeguarding and protecting information and assets from being accessed, stolen, or otherwise harmed. Calls for regulation from the conventional financial services industry and within the Bitcoin community have been a primary outcome of the Mt. Gox debacle. This is not surprising because significant regulatory interventions, especially in the financial services sector, tend to follow crises, whether they are real or perceived (Christopher Nicholls, Financial Institutions: The Regulatory Framework, LexisNexis, 2008 at 36). However, this lawsuit may also shed light on industry practices and the technologies behind them, of which many are currently being developed, that aim to cultivate a robust self-regulating and transparent environment for Bitcoin exchanges and services that manage and or hold assets.
The claim filed by Gregory Greene individually and on behalf of class members, includes several causes of action stemming from the closure of the site and loss of what is currently estimated at $475 million dollars worth of bitcoins, as measured at today’s price. The chief allegations are consumer fraud and that Mt. Gox “wrongfully induced Plaintiff and the Classes to purchase its services and provide it with Fiat Currency and bitcoins (sic)” (par. 64). The underlying substance of these claims is that Mt. Gox made false representations regarding the utility, safety, privacy and security of the Mt. Gox website and exchange. Specifically, Mt. Gox falsely promised that the service would protect user’s bitcoins and fiat currency and safely and quickly allow them to buy, sell, trade, or withdraw the same at any time. To be successful under this claim, it must be demonstrated that, had consumers known of Mt. Gox’s true business policies, practices and procedures, the class members would have paid substantially less for Mt. Gox’s services, or would not have paid at all (par. 56). For the allegation of “fraud in the inducement”, the plaintiff will seek to prove that Mt. Gox perpetrated a fraudulent scheme in falsely leading consumers to believe that the exchange was safe and secure, and that users’ would be able to freely deposit and withdraw fiat currency and bitcoin at any time (par. 68). Though not specifically addressed, users are also irate over Mt. Gox’s reassurances that the site was merely experiencing temporary technical difficulties, when it is largely speculated that the company was in fact insolvent.
In addition to punitive damages, the amounts that the plaintiff is claiming is based on the injury suffered. According to the proceedings filed, this amount is the price of bitcoins and fiat currency that were lost, stolen or “misused” by Mt. Gox, as well as the loss of value in those bitcoins that the claimants were prohibited from selling. Damages claimed also include the difference between the price the claimants paid for Mt. Gox’s services as promised and the diminished value of those services in light of the actual utility, safety and security of Mt. Gox (par. 60-61, 69).
Perhaps most interesting to the broader evolution and maturation of the bitcoin exchange industry, will be whether any legal precedent arises from the court’s analysis of the claims of Mt. Gox’s negligence and breach of fiduciary duty, should this case ever go to trial. Establishing the fault of negligence and a breach of fiduciary duty often depends on established legal and industry standards to demonstrate a divergence therefrom and subsequent fault. The proceedings accuse Mt. Gox of “failing to implement industry-standard protocols and exercise reasonable care in light of foreseeable risks in maintaining, protecting and safeguarding the Plaintiff’s bitcoins and Fiat Currency within Mt. Gox’s control” (sic) (par. 74).
The finding that Mt. Gox failed to maintain appropriate data management and security measures necessarily requires an examination of what procedures are currently in place on bitcoin exchanges, and whether these measure are sufficient. It could also provide guidance on what the standard of security procedures should be in order to avoid legal liability. The proceedings assert that Mt. Gox “had a duty to employ procedures to detect and prevent the improper access and misuse of Plaintiff’s and the Classes’ bitcoins and Fiat Currency and also to allow them complete access to the same (sic).” (par. 73).
The bitcoin exchange industry is rapidly evolving, new entrants continue to emerge and no one exchange can be said to have market hegemony. Given the infancy of this industry, it is not obvious what the standard of care is for a bitcoin exchange and whether industry standard protocols can be said to exist. This is why today, more than ever, the Bitcoin ecosystem requires that a robust, transparent and accountable self-regulatory regime be developed and implemented to provide confidence to all users: early adopters, new entrants, and larger institutional investors, alike. The issues raised in this suit are one way that the Mt. Gox fallout could be good for Bitcoin. Not only does the collapse eliminate weaker operators, it will prompt more robust self-regulation and best practices among bitcoin exchanges and service providers in order to compete for the confidence of users. Many “bitcoin 2.0” projects are currently developing tools to implement procedures that will mitigate the risks of storing and transacting with digital-assets and fiat currency on an exchange.
The end of Mt. Gox may be seen as an opportunity for the development of industry best practices; a process that will benefit from the participation of businesses and industry groups such as The Bitcoin Foundation and the Bitcoin Alliance. More specifically, it may also incentivize the Bitcoin industry to expedite the implementation of cryptography based self-auditing and protection mechanisms. These cryptographic-based tools, which include, inter alia, escrow solutions, mechanisms to prove solvency, and disclosure of proprietary information, seek to eliminate information asymmetry and will likely be important to industry player’s competing for consumer confidence.
A cautionary note: The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.
(Disclosure: Ms. Friedman is counsel at the Bitcoin Embassy.)