.png)
4 months ago
1
The Braunschweig Higher Regional Court (OLG) has made a far-reaching decision that is likely to have implications for the criminal prosecution of "thefts" of crypto assets in Germany. The case concerned the question of whether cryptocurrencies worth around 2.5 million euros, which had been taken from their rightful owner by an allegedly unauthorized transfer, may be seized to secure possible compensation. The Göttingen Regional Court overturned a corresponding seizure order issued by the public prosecutor's office. The Higher Regional Court confirmed this step as there was no initial suspicion of a criminal offense. The accused thus escapes legal punishment.
This is how the 1st Criminal Senate of the second instance described the facts of the case in its judgment of September 2024, which has since been published (case reference: 1 Ws 185/24): A defendant was faced with the accusation of having unlawfully appropriated 25 million digital, unspecified coins. Accordingly, he helped another person – the later injured party – to set up a digital wallet for a token project. In doing so, the accused gained access to the password seed phrase required for access, which consisted of 24 words. The accused then allegedly transferred the crypto values from the victim's e-wallet to two other wallets that did not belong to the victim.
The OLG initially stated: According to Section 242 of the German Criminal Code (StGB), theft is the "taking of another's movable property". However, cryptocurrencies such as Bitcoin or Ethereum are not to be regarded as "things" within the meaning of the law, as they do not have a physical, corporeal existence. Instead, they are digital assets, or more precisely, entries in a decentralized blockchain. Theft in the physical sense is therefore conceptually excluded, which rules out the offense of theft from the outset.
Hacker paragraphs do not apply
The Braunschweig judges also looked at other potential criminal offenses that could be relevant in such cases. They came to similar restrictive conclusions. The Senate rejected classification as computer fraud (Section 263a StGB), as the unauthorized transfer of cryptocurrencies generally lacks the characteristic of "unauthorized influence on the result of a data processing operation" required for this offence.
In particular, a transaction in the blockchain system should not be considered a "declaration" or "deception" in the sense of computer fraud, according to the ruling. In contrast to online banking, for example, where entering a TAN can be interpreted as an implied declaration of authorization for the transaction, the crypto transaction is carried out by simply entering the private key. This triggers the transaction directly in the decentralized system. There is no "co-declaration of authorization" for the transfer, which would be characteristic of computer fraud. The system only checks the validity of the key, not the authorization of the acting individual in the sense of a human declaration of intent.
According to the OLG, there is also no criminal liability for spying on data (Section 202a StGB). This clause protects information that is "specially secured against unauthorized access". If private keys or passwords are obtained through inadequate security measures, such as through an open notebook or through social engineering, the decision states that there is no "special protection". This would only be the case if, for example, a technical device such as encryption or an external protective measure had to be overcome.
Civil law procedure remains open
The court also dealt with the section on data alteration (303a StGB). It acknowledged that the transfer of tokens in the blockchain is technically a modification of data. Nevertheless, the court did not consider the defendant to be a perpetrator. The Senate justified this by stating that the actual alteration of data is not carried out directly by the accused, but by the network of operators who confirm transactions. Even indirect causation was not sufficient for the court, as the control over the blockchain entries ultimately lies with the network participants.
According to criminal law expert Jens Ferner, the decision represents a "quite surprising turning point" in practice: investigating authorities that reflexively resorted to Sections 202a or 303a of the German Criminal Code (StGB) to sanction token transfers under criminal law would increasingly have to expect acquittals or the discontinuation of proceedings in future. In the present constellation, "virtual theft" remains a civil, but not a criminal offense. However, anyone who gains access to a wallet is in any case acting in a criminal environment. The bottom line for the lawyer is: "Criminal law is not an all-purpose weapon against every form of digital disloyalty, nor should it be." However, it is questionable whether the OLG's view will prevail in the long term.
(mack)
