Case of stolen ether results in first crypto-related criminal sentence issued in Argentina

The Block is delighted to bring you expert cryptocurrency legal analysis courtesy of Stephen Palley (@stephendpalley) and Nelson M. Rosario (@nelsonmrosario). They summarize three cryptocurrency-related cases on a weekly basis and have given The Block permission to republish their commentary and analysis in full. Part I of their analysis, Crypto Caselaw Minute, is below.

This week’s CCM looks at just what passes for an asset these days, takes a look at when escrow services go wrong, and we are lucky to have a guest post from attorney Andrés Chomczyk who breaks down a recent criminal case in Argentina concerning the theft of ether from an exchange. (As always, Rosario summaries are “NMR” and Palley summaries are “SDP”, and for this week our guest summary is labeled “ACH.”)

Disclaimer: These summaries are provided for educational purposes only by Nelson Rosario [twitter: @nelsonmrosario] and Stephen Palley [twitter: @stephendpalley]. They are not legal advice. These are our opinions only, aren’t authorized by any past, present or future client or employer. Also we might change our minds. We contain multitudes.

[related id=1]P., H. M. s/ defraudación informática en concurso real con violación de secretos y de la privacidad, (Third Division of the Criminal Court the Province of Chaco, Argentina, 11/21/2018) [ACH]

Link to opinion

On November 21st, 2018 the third division of the Criminal Court of the Province of Chaco, Republic of Argentina (the “Court”) issued the verdict in the case “P., H. M. s/ defraudación informática en concurso real con violación de secretos y de la privacidad”. This is the first criminal sentence issued in Argentina regarding cryptocurrency theft.

The events that motivated the case are as follows. Between the 14th and 16th of December in 2017, Mr. H. M. P. conducted a cyber attack on the exchange Mercury Cash. As part of the attack, H.M.P. managed to access the Company’s systems and carry out ether transfers to accounts he kept on other platforms, and later transferred them to a wallet on his phone. The attacker was identified by the exchange through the IP addresses of the devices used to gain access to the system. Moreover, the attacker was able to be identified thanks to the collaboration between the different exchanges involved, since most of the addresses where the ethers were sent belonged to other exchanges. It is worth noting that the hacked exchange collaborated with the Argentine authorities and provided full disclosure regarding how they operated, what security measures were in place, and provided all information necessary to convince the judge of the identity of the hacker in order to obtain a search warrant of his house and personal devices.

Considering the facts, the accused was brought up on charges of cyber fraud and violation of secrets and privacy (section 173 subsection 16 and section 153 subsection 2nd), after a request for an abbreviated trial, the defendant admitted his culpability concerning the facts. As part of the trial the Court considered the fact that the accused defrauded the owners of Mercury Cash through the cyber attack, and generated the loss of a considerable sum of ethers. At the same time, the Court considered that it was appropriate to impose a heavier penalty than normal since the fraud had fallen on a financial services provider. In this regard, the Court concluded that Mercury Cash, a cryptocurrency exchange, was the same as a financial institution regulated by the Argentine Central Bank. This conclusion is in clear contradiction of the official statement issued by the Argentine Central Bank back in 2014 where they indicated that cryptocurrencies were not under its reach to be regulated.