Cyberlaw

Singapore’s First Action against Unknown Persons on Cyberspace

I am happy to announce that my book “Foong’s Malaysia Cyber, Electronic Evidence and Information Technology Law” was recently featured in the Singapore High Court case of CLM v CLN and others [2022] SGHC 46.

The case had referred to our High Court case of Zschimmer & Schwarz GmbH & Co KG Chemische Fabriken v Persons Unknown & Anor which had quoted my commentary in para [8.098] to [8.100] of my book (reproduced below) regarding actions against persons unknown.

CLM v CLN and others [2022] SGHC 46

The Singapore High Court dealt with two (2) interesting and novel points of law.

First, can stolen cryptocurrency assets be the subject of a proprietary injunction?

Second, does the court have jurisdiction to grant interim orders against persons whose identities are presently unknown?

Brief Facts

The plaintiff had commenced an action to trace and recover 109.83 Bitcoin (“BTC”) and 1497.54 Ethereum (“ETH”) (collectively, the “Stolen Cryptocurrency Assets”) that were allegedly misappropriated from him by unidentified persons (ie, the first defendants), a portion of which has been traced to digital wallets that were controlled by cryptocurrency exchanges with operations in Singapore (ie, the second and third defendants).

The Court granted the plaintiff an ex parte proprietary injunction against the first defendant from, among others, dealing with the Stolen Cryptocurrency Assets, and a worldwide freezing injunction.

Action against persons unknown

The Singapore High Court held that there is nothing in their Rules of Court (Cap 322, R5, 2014 Rev Ed) (“ROC”) that requires a defendant to be specifically named. O 2 r 1 of the ROC expressly provides that even if the commencement of proceedings against persons unknown contravenes the ROC, such a contravention is treated as a mere irregularity, and will not result in the nullification of proceedings unless the court exercises its discretion to order the same.

Like how our Court had relied on O. 89 of the Malaysian Rules of Court 2012, the Singapore High Court held that O. 81 of the ROC allows for a reference to persons unknown in summary proceedings for possession of land.

Hence, the Court held that it has the jurisdiction to grant interim orders against the first defendants, who are persons unknown.

Further, the Singapore High Court held that the description of the first defendant must be sufficiently certain as to identify both those who are included and those who are not. In the present case, the plaintiff has sufficiently defined the first defendant as “any person or entity who carried out, participated in or assisted in the theft of the Plaintiff’s Cryptocurrency Assets on or around 8 January 2021, save for the provision of cryptocurrency hosting or trading facilities“.

Stolen cryptocurrency assets as subject matter of a proprietary injunction

The Singapore High Court held that there is a serious arguable case that the plaintiff has a proprietary interest. Cryptocurrencies are a form of property. The Court adopted the test from the English case of National Provincial Bank Ltd v Ainsworth [1965] AC 1175, which defined the term property rights, and held that-

  1. The first requirement is that the right must be “definable” – the asset must hence be capable of being isolated from other assets whether of the same type or of other types and thereby identified. To this end, cryptocurrencies are computer-readable strings of characters which are recorded on networks of computers established for the purpose of recording those strings, and are sufficiently distinct to be capable of then being allocated to an account holder on that particular network.
  2. The second requirement is that the right must be “identifiable by third parties”, which requires that the asset must have an owner being capable of being recognised as such by third parties. An important indicator is whether the owner has the power to exclude others from using or benefiting from the asset. In this vein, excludability is achieved in respect of cryptocurrencies by the computer software allocating the owner with a private key, which is required to record a transfer of the cryptocurrency from one account to another.
  3. The third requirement is that the right must be “capable of assumption by third parties”, which in turn involves two aspects: that third parties must respect the rights of the owner in that asset, and that the asset must be potentially desirable. The fact that these two aspects are met by cryptocurrencies, is evidenced by the fact that many cryptocurrencies, certainly BTC and ETH, are the subject of active trading markets.
  4. The fourth requirement is that the right and in turn, the asset, must have “some degree of permanence or stability”, although this is a low threshold since a “ticket to a football match which can have a very short life yet unquestionably it is regarded as property”. In this respect, the blockchain methodology which cryptocurrency systems deploy provides stability to cryptocurrencies, and a particular cryptocurrency token stays fully recognised, in existence and stable unless and until it is spent through the use of the private key, which may never happen.

The Singapore High Court held that the balance of convenience lay in favour of granting the proprietary injunction. If it were not granted, there would be a real risk that the first defendants would dissipate the Stolen Cryptocurrency Assets, which would prevent the plaintiff from recovering those assets even if he successfully obtained a judgment in his favour. Conversely, even if the plaintiff’s case were later refuted, the first defendants would only suffer losses arising from their inability to deal with the Stolen Cryptocurrency Assets, which could be compensated by way of damages.

Worldwide freezing injunction

The Singapore High Court also granted the worldwide freezing injunction to restrain the first defendants from dealing with, disposing of, or diminishing the value of, their assets up to the value of the Stolen Cryptocurrency Assets.

The learned Judge was of the view that the first defendants dissipated the stolen assets through a series of digital wallets that appear to have been created solely for the purpose of frustrating the plaintiff’s tracing and recovery efforts, and which had either no or negligible transactions other than the deposit and withdrawal of the Stolen Cryptocurrency Assets.

Moreover, the risk of dissipation in the present case is heightened by the nature of the cryptocurrency: the Stolen Cryptocurrency Assets are susceptible to being transferred by the click of a button, through digital wallets that may be completely anonymous and untraceable to the owner, and can be easily dissipated and hidden in cyberspace.

Ancillary disclosure orders

Ancillary disclosure orders were also made against the second and third defendants to disclose to the plaintiff the current balances of the second and third defendants’ accounts that were credited with BTC and ETC that are traceable to the Stolen Cryptocurrency Assets, and information and documents collected by the second and third defendants in relation to the owners of the relevant accounts in the second and third defendants and details of all transactions involving the relevant accounts in the second and third defendants from the dates on which the stolen assets were credited against the accounts.

LexisNexis Malaysia – The Lawsome Profession

I was featured in LexisNexis Malaysia’s Lawsome Profession series. This series features interviews of Malaysian lawyers in their respective professions.




Interested to know more about #IntellectualProperty and #Cyberlaw ?

Foong Cheng Leong is the Partner at Foong Cheng Leong & Co. He focuses in the areas of Intellectual Property and Information Technology, Cyberlaw, Franchising, Data Privacy and Gaming Law. Cheng Leong is also a registered trademark, industrial design and patent agent. He is the Chairman of the Kuala Lumpur Bar Information Technology Committee and a member of the Malaysian Bar Intellectual Property Committee. He regularly assists the KL Bar and the Malaysian Bar on matters regarding Intellectual Property, Internet Law and Data Protection.



“When I first joined Lee Hishammuddin and Allen & Gledhill as a pupil, I was assigned to the Intellectual Property (IP) department and I got retained in the department after my pupillage. I didn’t have the opportunity to try other practice areas although I wanted to do litigation. However, IP was interesting to me because I got the opportunity to do corporate IP involving trademark, copyright, trade secrets, patents, and other intangible rights for many services and products, as well as IP litigation where it involves dispute matters. A senior partner once reviewed my CV and saw that I could build websites and suggested that I try out Information Technology and Cyber Law. I did and I’ve not looked back since. He also encouraged me to start writing articles on it and contribute them to the Bar website.

IP is my bread and butter. In my firm, we do a lot of IP and trademark registration, patent, industrial design and copyright matters. Our work includes protecting clients who get sued for infringement, registering and protecting their IP overseas, franchising and licensing. To practice IP, you need to understand the nature of a commercial transaction, intangible rights and basic contract law. IP has a lot of aspects to it: you can be a corporate IP lawyer, litigator, criminal where you represent people who are charged with counterfeiting, and even an administrator where you ensure the IP is registered. It is a very established area; we have IP cases dating to the 1800s. Even in China, there are trademark cases dating 300-400 years back. There are many materials that you can read.

IT and Cyber Law is a new area of law and it’s very interesting because it comes with all sort of issues. For example, we have been asked to file court action to discover identity of a person behind a social media account, advise client on how to take down private photos of themselves, how to block a website or close it, and even getting Facebook to share information of a deceased person.

For you to excel at IT and Cyber Law, it’s important to understand technology. You need to understand how computers and networks work, how the technology works, what is an IP address, what is a timestamp, you need to understand all the tech jargons, and these are the things that you don’t get to read in a law book. You also have to be tech-savvy. I had a case where the client was charged for deleting the database of his company. He said he didn’t do it, but evidence indicated that he did. I managed to figure out that his IP address at the time was dynamic, and that anyone could access his account from anywhere. From there, we cross-examined and the internet service provider and they confirmed that to be true. We also found that his computer was stored by a third party at that point of time, so he couldn’t have done it.

From young, I was interested in how electronics worked and how things connected to one another. I used to take my CPU apart and install it again. I even took apart my parents’ video cassette recorder and alarm clock, I also learnt how to build a computer network. It helped me to understand how electronics work, for example, why there is a chip, transistor, or power supply. From there I understand that if I want to connect to the internet, I need a modem. If I want to build a network, I need a hub, and if I want to store data outside the hub, I need a server. Back then, we didn’t even have Google to search for all these!

I think the law should catch up with technology. For example, how do you get information of people who defame you online? People are using all sort of avenue to hide themselves and they use servers and providers outside of Malaysia. How do we ensure we can make it easier to get information? One thing we can do for this is to get a Treaty signed by all countries. For example, if the legal system requires a citizen of a certain country to provide information, the government should be able to release it based on certain safeguards. So far, we don’t have such law and it’s very difficult and expensive to get data because everyone is very protective of their data. Only the rich could afford to get the information.

I think it’s important for young lawyers to write a lot of articles, participate in talks and be out there to show their skills. Personally, I like to share my knowledge and information through articles. As a lawyer, we should share information with our peers, we shouldn’t be stingy because the more you share the information, the more we will push for law reforms, then more people will know about it and it allows more people to seek compensation if they are the victims or aggrieved parties.”

More: Video Interview

 Scroll to top