Outline of issues encountered toward resolving a fraud situation through non-judicial and judicial communication with law enforcement and relevant cryptocurrency exchanges as part of the US Federal District Court case Clayton et al v Does, 2:24-cv-00182-JLR, Western District of Washington, Documents 18, 19, 20. September 2024.
Christopher Clayton
09/15/2024
Common issues encountered in interactions with law enforcement and cryptocurrency exchanges toward solving fraud; Document 20
The following was rendered in support of legal assertions, but largely outlines the overall impacts on the specific case due to the non-response of both law enforcement and relevant cryptocurrency entities over a fraud scenario with a conclusion as to why companies maintaining functioning consumer reporting systems should matter to society. This focuses on the rationale in having effective response systems for cryptocurrency as a fiat-valued asset (Know Your Customer and other data controversy-resolving mechanisms) in particular, and the general market context of responsiveness levels.
I. RELEVANT ENTITIES' CONSTANT APPEALS TO LAW ENFORCEMENT AUTHORITIES
1. Legal entities associated with the third-party cryptocurrency exchanges with which Plaintiff 2 has attempted to directly cooperate toward financial recovery for Plaintiff 1 or for the production of electronic information have consistently appealed to law enforcement authorities in general as their primary or exclusively offered solution in response to conversion events that took place, both in their policies and emailed communications (no specific law enforcement agencies or jurisdictions suggested in such appeals to other authorities). This also entailed exclusively exhorting Plaintiff 2 to be the one to initiate contact with law enforcement, and/or advisements on respective platform web pages advising as much. Only CEX.IO LTD has cooperated in other ways thus far, and at that, it still required additional prodding by Plaintiff 2 after delivery of a subpoena.
2. In the United States, the Internet Crime Complaint Center (IC3) reported that the FBI investigated $758m out of $12.5b in Internet-related fraud in 2023, with a reported 71% recovery rate only pertaining to the total it did investigate [IC3 2023 Annual Report pages 10]. That translates to an actual total recovery rate of 4.3% against the total reported Internet fraud. $3.96b of the total reported fraud involved cryptocurrency investment scams [Id. page 12]. Plaintiff 2 outlined in the Document 5, Attempts At Recovery section practical steps taken to seek US law enforcement attention both at local and Federal levels, including contracting a consulting service with Federal contractor status which offered to utilize its law enforcement connections, with unsurprising results relative to IC3's reporting, in spite of Plaintiff 2's estimation that some such route would yield progress toward recovery. Plaintiff 2 does not have expertise in law enforcement matters and only began researching further about the mechanisms of how US law enforcement cases are generated in different circumstances after his attempts at communication.
a. The contract into which Plaintiff 2 entered with that particular cryptocurrency consulting service in itself has ended up becoming its own side-dispute over achieving any verifiable result with law enforcement, or even to receive verifiable proof of any sort that the service actually minimally attempted to contact law enforcement at all.
3. The reality for US citizens, potentially varying by city, State or Federal resources, is that law enforcement agencies do not necessarily consider existing evidence as criteria to initially review accepting an Internet fraud situation as a case in the first place. Plaintiff 2 conducted an amateur blockchain trace and compiled initial evidence in MS Excel by himself at that, and then utilized 'blockchain searchers' in Binance's parlance (professional cryptocurrency tracers) to formalize the evidence (services that completed their own independent traces as a way of formalizing the evidence). None of the local or Federal reporting systems that Plaintiff 2 utilized, as reported in Document 5, Attempts At Recovery section (the IC3, Seattle Police Department), as well as the Federal Trade Commission's reporting system which Plaintiff 2 utilized in the form of case # 151442926 which has also not yielded a productive reply, allowed for the detailed upload or submission of evidentiary documents up front.
4. Locally, Seattle City staff did not offer to review evidence on September 12th, 2022 before concluding that Seattle Police Department could not take the case as presented over the phone, suggesting to try submitting to the IC3 or to SPD's online case page. However, Internet fraud is not an explicit option for online reporting in Seattle's enforcement jurisdiction, and may not be a crime that can be classified as having been committed within Seattle city limits to meet that mechanism's reporting requirements given the cross-border nature of where the cryptocurrency was transferred [Seattle Police Department, Online Reporting]. Plaintiff 2 was not able to speak directly to a detective. Washington State's Office of the Attorney General also exhorts victims to contact the IC3, and Plaintiff 2 could not find a way to submit cases directly to that Office in his status as someone without law enforcement connections and without expertise in such matters [Washington State Office of the Attorney General].
5. The only other reporting route Plaintiff 2 can think of via US law enforcement agencies in hindsight is the Secret Service. However, in any event, Plaintiffs' efforts moved to forming a legal case against Does after the multiple initial failures to establish productive contact with US law enforcement in any form, and after the continual failure to learn any new information from a consulting service with Federal contractor status or to establish productive contact with law enforcement via its services.
II. COMMON ORGANIZATONAL RESPONSIBILITIES
1. All operational legal entities associated with the platforms ought to store or otherwise have access to fundamental identifying data about platform users as a matter of course within the context of a robust Know Your Customer and anti-money laundering set of protocols given the type of business activity in which they are each involved (cryptocurrency custody and trade services). The marginal cost of maintaining each set of electronic data should be exceedingly small, not counting the fixed costs for data centers that store terabytes worth of total data, if not at an even greater magnitude of storage, which is reasonably required in the scale of the online businesses related to this case. In the context of this case, so far only the CEX.IO platform has demonstrated that it understood its customers' identities during the period in controversy.
2. Each discovery situation on the balance then does not involve traditional costs for the preservation and retrieval of evidence, such as physical items and paper documents, which further raises the question as to why relevant legal entities will not or cannot produce relevant electronic data, or otherwise will not enter formal responsive pleadings (Binance, OKG Tech). The fundamental personally identifiable information involved in this controversy is not privileged because it would have been known from the outset if not for the pseudonymous nature of cryptocurrency transactions and the inability of third parties to research basic information about platform users in relation to specific transaction IDs, data which they should be maintaining as part of a robust Know Your Customer regime, even if not publicly visible. The registrants of the web domain via which the cryptocurrency was initially converted (vip.biitflyeir.com) could be distinct Does from those who immediately benefitted via transfers to cryptocurrency accounts on Binance, CEX.IO and OKX, but that is a separate discovery matter toward identifying all possible Does. All possible distinct Does need to be discovered from all sources that are supposed to have fundamental identifying information in order to accord all direct proportionate responsibilities for tort damages. Otherwise, it follows that those entities who have not maintained their share of relevant data assume proportionate responsibility.
3. The principal places of business of cryptocurrency platforms related to this case enjoy brand protection under the United States Patent and Trademark Office through trademark registrations that bear the names of their platforms and associated cryptocurrency wallets acting as website-mediated exchanges, and each one maintains US subsidiary and/or affiliate entities. However, Binance and OKG Tech have not produced relevant electronic information after a third-party US citizen (Plaintiff 1) was harmed by Binance and OKX platform users, either because they do not want to by policy or organizational inertia, because they are exclusively concerned about data privacy laws/blocking statues or because they cannot do so after having failed to collect and store such data. Regardless, they should have an idea of the potential for such risks of harm and thus the relevancy of having systems to reasonably store, investigate and report fundamental information about platform users when appropriate, let alone the consideration of US law on the matter. The data is not complex and thus shouldn't entail any particular preparation burden to provide if it has actually been collected and stored to scope.
4. In addition to the public tags of the cryptocurrency wallets involved in this controversy matching the registered marks of the legal entities and thus of their web platforms, the amount of trade volume passing through the wallets attests to the entities' responsibility over the wallets. It would be unlikely that these brands would allow unrelated operations of such scale to use their trademarks unchallenged. The Binance 14 wallet (also referred to as Binance 5 or 'Binance. DepositAndWithdraw') has experienced over 20m transactions, the CEX.IO wallet (also referred to as 'CEX.IO. Deposit') has experienced over 600k transactions, and the OKX 7 wallet (also referred to as OKX 1 and 'OKX. DepositAndWithdraw) has experienced over 1.7m transactions. This is in line with the naming scheme of Coinbase, Inc.'s public tags for their exchange wallets associated with www.coinbase.com. I.e., Plaintiff 1's outgoing transactions to the fraudulent Book Exchange platform passed through 'Coinbase 3,' 'Coinbase 4,' 'Coinbase 5' and 'Coinbase 6.' Plaintiff 2 utilized www.etherscan.io and www.oklink.com in particular to research transaction IDs, the latter service having association with OKG Tech, but any blockchain browser can supply the same information.
a. Binance exchange wallet - 0x28c6c06298d514db0899340..........
b. CEX.IO exchange wallet - 0xc9f5296eb3ac266c94568d79...........
c. OKX exchange wallet - 0x5041ed759dd4afc3a72b8192c............
d. These wallets were originally noted in Document 5, however, two of them as listed then accidentally included extra leading alphanumerical symbols in front of an equals ('=') sign. The public IDs here (truncated to a leading '0x' in comparison) are the actual searchable wallet IDs associated with final transaction IDs in controversy.
III. MARKET ROLE OF CRYPTOCURRENCY EXCHANGES
1. Were it not for cryptocurrency exchanges in their current forms, the motivation to trade digital currency as a fiat-valued asset as well as to plan related fraudulent schemes would not exist in its current form. Their trade volume-based algorithms have directly associated various cryptocurrencies, such as Bitcoin and Ethereum, to fiat value through automated price offerings. They have also facilitated the trade of 'stablecoins,' cryptocurrencies whose market value is presumably backed by stores of fiat currency, such as United States Dollar Tether's presumable backing by Tether Holdings' stores of USD. Such price offering patterns de facto determine the overall understanding of the fiat value of such cryptocurrencies through aggregate market reports utilizing such price data (e.g., Yahoo Finance, Google Finance). This is akin to what stock exchanges have done for company stock offerings and traditional commodity futures offerings.
2. The same level of influence on the understanding of various cryptocurrencies' fiat prices cannot be said of user-to-user trades or purchases of goods and services made directly with such cryptocurrencies given that there is no well-established means of determining a pattern of value that way for non-stablecoins to determine how much each coin is worth as an internal system of value in relation to various goods and services. I.e., there is not a comprehensive and statistically authoritative consumer price index based upon off-exchange transactions for any such coins. Stored volume on platforms' exchange wallets offered at the platforms' respective prices via web mechanisms acts as the most highly visible and expeditiously accessible supply of coins for procurement. Purchases or sales take place either via fiat currency or an exchange of coin types, but an 'exchange rate' is still ultimately determined in relation to fiat value. This is in contrast to private wallet holders generating more coins through various blockchains' 'proof of work' algorithms and validation by respective decentralized networks (digital 'mining').
3. These factors task cryptocurrency exchanges, and thus their associated legal entities, with responsibility over a particular market infrastructure that they have formed and sustained. The exchanges also act as custodians of hosted blockchain wallets to further facilitate this ecosystem, which they generate and host for user web accounts depending on which cryptocurrencies that each respective user wants to trade, facilitating such trades through wholly web-based mechanisms intermediating both ends of a given blockchain transaction (user's side as well as the given cryptocurrency exchange's side). This is in contrast to an entirely blockchain-initiated and accorded trade between two wallets that is not dependent on a web mechanism to intermediate mutual acceptance via a non-blockchain trigger event such as a credit card or bank account transaction.
4. Appealing to law enforcement as the primary mechanism of resolving the effects of cryptocurrency fraud, such as the transfer of converted cryptocurrency to a given platform's exchange wallets, cannot act as a substitute for retaining clear systems for victims to submit reports and civil documents as part of inherent Know Your Customer responsibilities. Relevant entities of such platforms should reasonably maintain robust and diverse money controls, anti-fraud protocols and complaint submission mechanisms due to the foreseeable risks of facilitating a trade system of cryptocurrencies acting as directly fiat-valued assets, and such protocols should be able to result in outcomes of some sort for victims beyond the flat denial of assistance. The platforms and associated entities in this case never voluntarily offered to review evidence as part of cursory responses that Plaintiff 2 was able to obtain in his original attempts at non-judicial cooperation, or they insisted evidence be submitted through a registered law enforcement officer.
5. US Court cases such as those launched by the Commodity Futures Trading Commission against various cryptocurrency platforms have attested to the scale of harm wrought by money laundering via cryptocurrency and related activities. This includes a responsibility to third parties due to the nature of the current industry for cryptocurrency as a fiat-valued asset where third parties can be harmed by fraudulent schemes surrounding such cryptocurrencies, with the platforms acting as terminating points in schemes by platform users residing anywhere globally, from which the platforms can profit through the resulting transaction fees in the least.
IV. COMMON IMPACT ON THIS CASE
1. Binance Holdings Limited and OKG Tech, as hold-outs in providing information about specific relevant Does, are preventing the identification of all Does that are currently defined by their cryptocurrency accounts on the Binance and OKX platforms. Even if these entities later provide information, the delay may result in or contribute to a staggered summoning of Does to this case. Ideally, all possible Does associated with transaction IDs in controversy would be simultaneously served alongside injunctions (asset freezes) being imposed against each identified cryptocurrency account to prevent the Does' ability to collude and move assets from such specific accounts as proceedings commence.
Specific issues encountered communicating with Binance.com through its web mechanisms; Document 18 select statements and conclusions
The following includes a legal assertion postulated as part of a Court Motion, but largely documents attempts at communicating with Binance.com.
II. Binance-related ANALYSIS
1. Binance Holdings Limited with incorporation in the Cayman Islands, as the overall beneficial owner (overall holding company) of a predominantly online business mixed up in this case (cryptocurrency platform at www.binance.com), and whose business involves an organizational structure without any specifically declared principal place of business or headquarters for core cryptocurrency custody and trade operations, has failed to timely respond to a US subpoena, either in the form of the electronic information commanded or through a responsive pleading filed with the Court. The company is entirely off-shore in that there is no accompanying on-shore office location and all of the corporate officers are in unrelated jurisdictions, e.g. the current CEO is domiciled in Singapore, and the Co-Founder/Chief Customer Service Officer is domiciled in the United Arab Emirates. This is verifiable through company profiles on websites such as The Wall Street Journal and Bloomberg, and from related user profiles on LinkedIn. Plaintiff 2 serviced the subpoena through registered mail, a means authorized by Document 10 after Plaintiffs were granted leave to serve subpoenas (Document 6).
a. It has been over 30 days since Binance, through its currently-known registered agent in the Cayman Islands, received the subpoena on August 8th, 2024. Binance was given less time than anticipated by Plaintiffs compared to the August 16th, 2024 production due date because of the delivery date, but a general standard of 30 days for responsive pleadings has now elapsed. The requested information is not complex relative to Binance Holdings Limited's duty to store or have access to such fundamental information about Binance platform customers.
2. There has been no communication with Plaintiff 2, whether in reference to registered mail or not, since Binance's agent received the mail. Given the limited means of initiating contact with Binance and its lack of reply, Plaintiff 2 has not engaged in further communication activity. Binance has not provided proportionate equitable relief, nor actively provided an opportunity to further discuss the topic.
3. Plaintiff 2 reported the fraud as a private citizen to Binance.US on September 8th, 2022, a platform also under Binance Holdings Limited's overall holding company ownership. Binance.US's immediate operating entity was not found to arise to alter ego status within the scope of substitute service of process for it to be treated as an authorized agent of Binance Holdings Limited in Document 10. Even so, it was found to be an affiliate of Binance in Federal prosecutors' investigations and a related Court case's judgment regarding schemes for Binance to expand Binance platform business in the United States despite Binance.US's status as a separate business and platform for US users. This increased the risk of www.binance.com users successfully committing money laundering and other activities due to a lack of money controls serving as a key feature of such business expansion strategies. Plaintiff 2 also attempted non-judicial notice of a subpoena to Binance's law enforcement communications service Kodex, Inc. which was also found as not treatable as an authorized agent in this particular matter, but nevertheless it is Binance's most prominent communicative intermediary on its website.
a. Though judicial claims for subsidiary/affiliate and intermediary entities to aid in attaining proportionate equitable relief from Binance Holdings Limited were terminated, regardless, Plaintiffs find the overall business structure of employing myriad legal entities and intermediaries to be an aggravating factor in Binance Holdings Limited's lack of responsive pleading to the subpoena because of the inherent confusion and additional difficulty it has brought to the process of seeking information in a situation involving a US fraud victim.
4. Binance in its Privacy Notice page at https://www.binance.com/en/privacy indicates that each geofencing entity in charge of different users has control over their respectively related personal data, with Nest Services Limited in the Republic of Seychelles covering 'all other users not registered with a locally regulated exchange'. Regardless, whether Binance Holdings Limited needs to work jointly to attain data with its geofencing entities (whether they be subsidiaries, affiliates or third-party data storage services) or can access the data by itself, accessing the data is its duty arising from the Binance platform's business contact with the Washington State forum through custody of Plaintiff 1's cryptocurrency and its beneficial ownership of the platform.
a. The page acknowledges that the various Binance entities may share data with one another, and that data may be shared with third parties as required by legal processes. Nest Services Limited in particular cannot be described as any more substantive than as a relative off-shore entity at that within this geofencing regime, and was incorporated in 2023 after transactions in controversy involved in this case had occurred, even if it can now be described as the most immediate and general geofencing/financial entity that serves to initially structure the platform's revenue and to provide a regulatory regime to accept most users. It cannot be found as a domestic Seychelles company in the regular business registry at https://www.registry.gov.sc/BizRegistration/WebSearchBusiness.aspx, and thus is likely an International Business Company registered with the Seychelles Financial Services Authority under a registered office acting as the registered agent (defined in the Seychelles Consolidated International Business Companies Act 2016 to 20th December 2021, page 21). The complete registrar for such companies is not seemingly available, either publicly or for a fee, on www.fsaseychelles.sc except for the subset of 'regulated entities.' The overall holding company Binance Holdings Limited is also in itself an off-shore entity due to the lack of domicile of any corporate officers in the Cayman Islands, but it is the only entity that can be construed as a principal place of business as the overall owner of the platform and as the registrant of the 'BINANCE' mark with the USPTO for cryptocurrency software-related goods/services.
b. Even if this entire business organizational structure with primary operations composed of off-shore entities is not taken to be a 'manipulation' to make it difficult to determine where data truly is stored or which entity immediately 'controls' data and thus which entity is most highly relevant to target in a command for data, especially relative to the fact that Binance data in controversy as currently known is pseudonymous versus the multiple number of geofencing entities that structure the platform, the authority of the US Bank Secrecy Act overrides any contractual relationship between Binance Holdings Limited and these other entities. The overall holding company as the beneficial owner (Binance Holdings Limited) and as the most relevant equivalent of a principal place of business has the ultimate duty to have access to this data as part of knowing its sources of revenue. Otherwise, a layer of protection is effectively afforded to fraudulent platform users.
5. Plaintiffs find that Binance Holdings Limited knows or ought to know about the potential for users of www.binance.com to harm third parties, especially after it was held liable to pay fines and was put under FinCEN Consent Order 2023-04 due to a lack of anti-money laundering protocols and resulting fraudulent activity by users, overlapping with the period in controversy. Plaintiffs find a lack of response to a subpoena in this context to be an aggravating factor. Binance ought to expect in its risk analysis regime the possibility of third-party individual victims anywhere globally seeking proportionate equitable relief due to these users' activities, users who took advantage of the ecosystem when Binance knowingly allowed lapses in its Know Your Customer regime to expand its business.
a. Binance Holdings Limited, despite now operating under Federal monitorship to bolster such deficiencies, continues to utilize a multitude of different legal structures and communicative intermediaries without declaring any counterpart on-shore entity for core cryptocurrency service operations and without any apparent currently active email addresses listed directly on its www.binance.com web domain; nor providing any other clear, expeditious means of direct contact on matters of fraud. This makes it inherently more difficult for fraud victims to report their situations to the platform. Its Cayman P.O. box still on file with the USPTO is also no longer in use by Binance, creating more obstacles to establish some form of contact. Cybertrace reported an email address to Plaintiff 2 as part of its technical evidence reporting, but because it isn't currently on www.binance.com in any apparent section of the site, it cannot be trusted to be active (Document 5-6, PDF page 9). Even if unintentional, this has the effect of providing protection to fraudulent Binance platform customers.
b. The Binance platform previously maintained a Disclosure Orders web page, but at some point, following the decision in Commodity Futures Trading Commission v Zhao et al, Northern District of Illinois, Document 80, pages 24-34, it switched to utilizing Kodex, Inc.'s case management system exclusively. However, that system focuses on law enforcement requests from law enforcement agents or law firms, which Plaintiff 2 was not able to non-judicially utilize per Document 7 (Kodex's rejection of aiding Plaintiffs), nor able to judicially utilize per Document 10 (not granted allowance to treat Kodex as an authorized agent in this matter or to utilize its case management software for service of process). Even so, it is now the most prominent means of contacting Binance as an online business on such matters with a direct link on the www.binance.com home page ('Law Enforcement Requests' link). Binance's Freezing and Disclosure Orders page at least provided a system of electronically submitting Court Orders. However, that page has not been active at least since January 12th, 2024 when Archive.org saved a copy of it with a 404 error. Archive.org last preserved a working version of the page on January 1st, 2024 at https://web.archive.org/web/20240101223254/https://www.binance.com/en/binance-legal.
6. Binance's encouragement for victims to report fraud to law enforcement per advisements in the Binance Support Center section of www.binance.com as its primary advise for bringing a given fraudulent situation toward recovery, and the narrowing of its own most clearly defined and visible reporting mechanisms down to a Massachusetts-based third-party law enforcement communication service (Kodex), is an aggravating factor in that US victims are relatively unlikely to receive support toward recovery through law enforcement means, as will be analyzed in a supplementary Document.
a. It's not necessarily Binance's responsibility to understand the likelihood of any particular victim's ability to obtain law enforcement attention, but even now after the FinCEN Consent Order 2023-04 was issued in November 2023, it still has not made publicly-apparent changes to its anti-fraud system to allow clearer accessibility for third party victims of Binance users to submit situations or cases with any certainty of receiving a reply outside of law enforcement mechanisms. None of the publicly-viewable protocols have seemingly been updated since August 2022, protocols in place before it was held liable for failing to maintain a robust money control system and before the platform's placement under US Federal monitorship, besides the switch to its utilization of Kodex, Inc. as an intermediary for law enforcement matters. The Disclosure Orders submission system at least allowed for the submission of Court Orders in discovery matters, but was wholly removed as part of that change, leaving a given victim to research which of the platform's myriad legal entities are most appropriate to target for relief. This is in spite of the known risk in the cryptocurrency industry for theft and money laundering in various cryptocurrencies' forms as fiat-valued assets which are traded on the Binance platform. Binance's proven lack of money control processes overlap with the period in controversy in this matter (May through August 2022).
b. The platform's most current advisory article on fraud from August 29th, 2022 [Binance Report Scams page] still advises to log in to a Binance account (not ordinarily possible for US IP addresses to create accounts) to make a report, or to manually submit a case through the automated chat system as a third party without an account. Plaintiff 2 never received a reply, automated or otherwise, after supplying his email address to the automated system on September 4th, 2022 with screenshots of the fraudulent website in controversy as described in Document 5, Binance Domestication Analysis. The chat system nominally generated a case ID then, but Plaintiff 2 missed noting it. In contrast, Binance.US at least utilized an email mechanism to cursorily reply to Plaintiff 2 in the form of ticket # 2528596 as part of a reporting system it maintained at least through 2022, even though such replies didn't materially advance Plaintiff 1's fraud situation toward recovery.
c. The article claims in paragraph 7 that Binance will make every effort to reply to a case, but may be 'prevented' from offering disclosure for various reasons, and thus encourages victims to contact law enforcement directly as its only other proposed alternative, claiming in paragraph 8 that law enforcement could then 'work with experienced blockchain searchers and investigate the theft further.' This largely repeats another Binance Support article from 2018, including advisement for victims to only talk to law enforcement for updates (assuming a law enforcement case is successfully started at all) because Binance would treat its own communications with law enforcement as 'confidential' [How to Report Stolen Funds Transferred to Binance].
d. In one of its Privacy sub-pages, Binance does state that Disclosure Orders can be submitted through the automated chat system, but this again entails trusting that the information is actually reviewed or gets uploaded at all, and this is not a prominent and obvious method of Court document submission compared to its previous dedicated Disclosure Orders web page.
7. Binance Holdings Limited has frustrated the potential recovery of money damages from specific Does (Binance users) regarding the following principal value, or at least of proportionate damages relative to the registrants of the fraudulent website involved in this case; and has also frustrated the possibility of determining if the Binance user Does are distinct from the fraudulent registrants by failing to provide data in controversy:
a. Transaction ID # 0x786d2453b1354e3431737da499816034a223a58824f3c6e39d3...........
b. Transaction ID # 0x81b014487c3d951f13d88791bca2de121871133fa69a0d........
c. Transaction ID # 0x81b014487c3d951f13d88791bca2de121871133fa69a..........
8. A further aggravating factor is that Binance likely gained revenue from fraudulent transactions in controversy, even though the exact amount is unknown to third parties without the discovery of related financial records. Cryptocurrency exchange businesses that comprise the market ecosystem for cryptocurrency as a fiat-valued asset typically earn revenue from transaction fees (Buy and Sell actions).
9. Considering the Hague Evidence Convention and the Aérospatiale case in more detail, Binance Holdings Limited could have a valid fear of violating a blocking statute or data privacy law regarding wherever data is stored (location indeterminate with publicly-available information), or the data privacy laws of jurisdictions of entities through which certain corporate officers operate. However, Plaintiffs' command has been limited and specific, is vital to the case (identification of all possible Does), involves data that cannot be accessed elsewhere because two transaction events in controversy terminated at the Binance platform, and is not a compliance hardship because the collection and maintenance of such data is expected as part of a Know Your Customer regime.
a. For reasons outlined in Document 15, Plaintiffs would still ask the Court to act as Applicant on a Hague Evidence Model Form to the Cayman Islands' Central Authority (a UK 'Other Authority') if the Convention were utilized toward international comity. Otherwise, Plaintiffs will need explicit authorization to act as Applicant to have a chance at getting anywhere directly with this Authority given the USA Central Authority's clause that 'any other person or entity authorized by the rules of the court' could act as Applicant. The Cayman Solicitor General's office has not recognized Plaintiffs as valid Applicants so far.
b. The primary geofencing entity Nest Services Limited would not be the most relevant subject of a Model Letter, even if Binance did claim it as the immediate 'data controller' in this situation, because the Republic of Seychelles maintains a full exclusion of Article 23 (no pre-trial requests allowed under any circumstances). If Binance corporate officers work through the personhood of Nest Services Limited and thus adhere to Seychelles' privacy laws in any way, that was a further off-shore business structuring choice on top of Binance Holdings Limited being an off-shore registration in itself in the first place. Such a deliberate structure should not serve as a layer of protection for fraudulent platform users.
IV. Binance-related WEB CITATIONS
1. Binance, How to Report Scams on Binance Support?, https://www.binance.com/en/support/faq/how-to-report-scams-on-binance-support-49b6dbdd87ed4c60b527375918ab5683, accessed 6 July 2024.
2. Binance, How to Report Stolen Funds Transferred to Binance, https://www.binance.com/en/support/faq/how-to-report-stolen-funds-transferred-to-binance-360000006051?hl=en, accessed 19 July 2024.
Specific issues encountered communicating with OKX.com through its web mechanisms; Document 19 select statements and conclusions
The following includes a legal assertion postulated as part of a Court Motion, but largely documents attempts at communicating with OKX.com.
II. OKX-related ANALYSIS
1. OKG Technology Holdings Limited (OKG Tech) with legal incorporation in the Hong Kong Special Administrative Region in terms of its principal place of business, as a self-described virtual asset custody service operator in association with a predominantly online business mixed up in this case (cryptocurrency platform at www.okx.com) and thus acting as the immediate beneficial owner of the platform for its own Cayman-incorporated parent, has failed to timely respond to a US subpoena, either in the form of the electronic information commanded or through a responsive pleading filed with the Court ('provides virtual asset trust and custody services and operates proprietary trading in the virtual assets' per www.okg.com.hk which links to www.okx.com (a virtual asset custody and trading platform)). Corporate officers of both OKG Tech and OKX as a brand are domiciled in the Hong Kong SAR, such as the CEO for OKG Tech and the Global Chief Commercial Officer for OKX. This is verifiable through company profiles on websites such as The Wall Street Journal and Bloomberg, and from related user profiles on LinkedIn. Plaintiff 2 served the subpoena through registered mail, a means granted by Document 10 after Plaintiffs were granted leave to serve subpoenas (Document 6).
a. It has been over 30 days since the subpoena was delivered on July 29th, 2024, with 30 days being a general standard for a responsive pleading on such a matter. The subpoena commanded production to take place by August 16th, 2024. OKX's Enforcement email address replied to Plaintiff 2 on August 5th, 2024 solely in regard to previous non-judicial electronic communications, without any implication that it was a responsive pleading on behalf of OKG Tech and without reference to registered mail.
2. Part of the OKX platform's further electronic reply to non-judicial electronic communication focused on 'Aux Cayes' (one of the OKX platform's immediate geofencing and financial entities registered in the Republic of Seychelles) as solely relevant to the data in question (Document 14-3). Plaintiffs largely anticipated such an assertion in Document 5, OKX Domestication Analysis section, and also had no way of considering Aux Cayes as most immediately responsible for the data before this latest claim due to the data's pseudonymous nature as currently known. It cannot be found as a domestic Seychelles company in the regular business registry at https://www.registry.gov.sc/BizRegistration/WebSearchBusiness.aspx, and thus is likely an International Business Company registered with the Seychelles Financial Services Authority under a registered office acting as the registered agent (defined in the Seychelles Consolidated International Business Companies Act 2016 to 20th December 2021, page 21). The complete registrar for such companies is not seemingly available, either publicly or for a fee, on www.fsaseychelles.sc except the subset of 'regulated entities.' Regardless, OKG Tech is relevant as the principal place of business and thus has reasonable access to the data or ought to have such access as already analyzed, whether directly or through any other subsidiary, affiliate or third-party data storage service. Plaintiffs find this insistence on Aux Cayes as the only 'proper target,' after multiple previous non-judicial email exchanges, to be an aggravating factor in that the legal structure of the global business makes it inherently more difficult than needed for a victim to figure out from whom to seek proportionate equitable relief. Even if unintentional, this has the effect of providing protection to fraudulent OKX platform customers.
a. Plaintiff 2 offered conditions to potentially determine a joint agreement to route the command for information through the Aux Cayes entity instead, without avowing it as the sole relevant entity, on August 9th, 2024 (Exhibit A, page 2). OKX's Enforcement address sent an apparent rejection to cooperate on such terms in a separate email on August 10th, 2024, again suggesting law enforcement avenues of resolution in the same way as previous emails from OXK email addresses (Exhibit B). In contrast, Section 9 of OKX's Privacy Policy page at https://www.okx.com/help/privacy-policy-statement describes that data may be stored in any country where OKX has operations and that authorities such as courts may be entitled to personal data. This creates a question as to why OKG Tech, as the operator of the custody service in the Hong Kong SAR, cannot or will not access the data to provide it as commanded in the subpoena. It ought to have access to the data, either directly or in joint with other entities (whether they be subsidiaries, affiliates or third-party data storage services), as a duty arising from the OKX platform's business contact with the Washington State forum through custody of Plaintiff 1's cryptocurrency.
b. Even if this entire business organizational structure with a relative off-shore entity is not taken to be a 'manipulation' to make it difficult to determine where data truly is being stored, or which entity immediately 'controls' data and thus which entity is most highly relevant to target in a command for data, especially relative to the fact that OKX data in controversy as currently known is pseudonymous versus the multiple number of geofencing entities involved, the authority of the US Bank Secrecy Act overrides any contractual relationship between OKG Tech and other entities. This assumes these other entities such as Aux Cayes are more than mere relative off-shore business registrations at that, but there is no evidence of operational staff or corporate officers in the Republic of Seychelles in particular. The overall core services operator as the beneficial owner (OKG Tech), the on-shore principal place of business, has the ultimate duty to have access to this data as part of knowing its sources of revenue. Otherwise, a layer of protection is effectively afforded to fraudulent platform users.
c. Plaintiff 2 sent a follow-up email on August 20th, 2024 as 30 days since delivery of the subpoena was approaching (Exhibit A, page 1). The OKX platform again replied in a separate email (Exhibit C), and assured that the issue was being escalated. Now it has been weeks even since this last message.
3. Plaintiff 2 originally reported the fraud as a private citizen to the OKX platform's Support email address in October 2023 as outlined in Document 5, OKX Domestication Analysis. He also sent non-judicial notice of a subpoena to OKX's Law Enforcement email address, which assigned a ticket # 5430773. All replies up until August 5th, 2024 exclusively emphasized that the OKX platform would only work with a registered law enforcement officer, without revealing which of the myriad OKX legal entities listed on the platform would be involved, if any. This essentially matches stipulations on OKX's Law Enforcement web page.
4. Plaintiffs find that OKG Tech knows or ought to know about the potential for users of www.okx.com (the platform relevant to this case) to harm third parties due to the fact that the platform maintains a Law Enforcement email address, but it is designed only for registered law enforcement personnel to interact with. Plaintiffs find continual responses from OKX email addresses regarding assertions characterizing law enforcement as the sole or primary means of accessing data to be an aggravating factor because there are no clear mechanisms for third parties to make reports of fraud or to submit civil documents outside of law enforcement, in spite of the known potential for cryptocurrency to be transferred to trade platforms under fraudulent pretenses. OKG Tech and the OKX platform's immediate geofencing/financial entities ought to expect in their risk analysis regime the possibility of third-party individual victims anywhere globally seeking proportionate equitable relief due to OKX users' activities, users who took advantage of the ecosystem. It cannot be expected that every third party can attain law enforcement attention, as will be analyzed in a supplementary Document.
a. OKG Tech doesn't necessarily have responsibility to understand how likely it is for third party victims to attain law enforcement attention, but the OKX platform under its custody service operation does not have apparently diversified methods to address such situations outside of advisements to seek law enforcement attention in spite of the known risks for fraud in the form of theft and money laundering for the fiat-valued cryptocurrencies traded on it.
5. OKG Tech has frustrated the potential recovery of money damages from specific Does (OKX users) regarding the following principal value, or at least of proportionate damages relative to the registrants of the fraudulent website involved in this case; and has also frustrated the possibility of determining if the OKX user Does are distinct from the fraudulent registrants, by failing to provide data in controversy:
a. Transaction ID # 0xf054fec7be2bcf9a6436fce9a8a5ee64191d93a68529dc.......
b. .........
c. The final value at the OKX transaction ID indicates that a substantial amount of cryptocurrency was mixed into Plaintiff 1's originating total from converging pathways (mixing and tumbling). However, there were few outgoing branching pathway possibilities at any given point in the transaction chain, with the relevant route determined based on timing and total value converging to this singular end-point.
6. A further aggravating factor is that OKG Tech likely gained revenue from fraudulent transactions in controversy as the immediate parent of the OKX platform entities, even though the exact amount is unknown to third parties without the discovery of related financial records. Cryptocurrency exchange businesses that comprise the market ecosystem for cryptocurrency as a fiat-valued asset typically earn revenue from transaction fees (Buy and Sell actions).
7. Considering the Hague Evidence Convention and the Aérospatiale case in more detail, OKG Tech could have a valid fear of violating a blocking statute or data privacy law regarding wherever data is stored (location indeterminate with publicly-available information), or regarding the jurisdictions of other entities through whose personhoods certain corporate officers operate. However, Plaintiffs' command has been limited and specific, is vital to the case (identification of all possible Does), involves data that cannot be attained in another way because a transaction event in controversy terminated at the OKX platform, and is not a compliance hardship because such data is expected to be collected and maintained as part of a Know Your Customer regime.
a. For reasons outlined in Document 15, Plaintiffs would still ask the Court to act as Applicant on a Hague Evidence Model Form to the Hong Kong SAR's Central Authority if the Convention were utilized toward international comity. Otherwise, Plaintiffs will need explicit authorization to act as Applicant to have a chance at getting anywhere directly with this Authority given the USA Central Authority's clause that 'any other person or entity authorized by the rules of the court' could act as Applicant. The Hong Kong SAR's Chief Administration's Office has not recognized Plaintiffs as valid Applicants so far.
b. The primary OKX geofencing entity Aux Cayes would not be the most relevant subject of a Model Letter, even though the OKX Enforcement email address claims it as the immediate 'data controller' in this situation, because the Republic of Seychelles has a full exclusion of Article 23 (no pre-trial requests allowed under any circumstances). If OKG Tech corporate officers work through the personhood of Aux Cayes and thus adhere to Seychelles' privacy laws in any way, that was an off-shore business structuring choice either on its part or its own Cayman parent's part, which should not serve as a layer of protection for fraudulent platform users.
c. That both platform users and third-party victims could be anywhere globally in this type of business should also favor the victim's jurisdiction when it comes to proportionate equitable relief in the form of platform data for the same reason. A business structure involving an off-shore entity may not have been implemented intentionally in 'bad faith' regarding user processing, although the OKX platform's prior settlements such as Ontario Securities Exchange Commission’s FILE NO.: 2021-29, 22nd September 2022 regarding the OKX platform’s unregulated intake of Ontario users suggests there originally was such a component to structural business decisions. However, in any event, the structure can cause adverse effects in practice regardless of original intent given the lack of seriousness toward Plaintiff 2's initial report of fraud in October 2023. The OKX platform's Enforcement email address then eventually cited the existence of an off-shore business entity as an excuse in itself to delay or prevent the provision of proportionate equitable relief versus the ease with which users could complete conversion activity using the platform, at least during the period in controversy.
Post-filing note on assertions related to the facts presented - 6/15/2023; updated 11/13/2025
I compiled these filings before I knew to consider personal jurisdiction from a minimum contact perspective in a US context, and similarly did not take into account Federal standards for cognizable harm. Because personal jurisdiction was later not found to hold in this context in US Federal District Court because of the third-party nature of the entities relative to the case and because of their use of US DNS infrastructure not counting as constituting enough of a business presence in the United States, I went about another round of attempting to domesticate cases in other jurisdictions per my notes in the Research section of this website.
The cause of action in the sense of those spin-off controversies is rooted in a duty of care basis. That is, assertions that a duty of care exists to provide plausibly accurate data about users accused of tort harms and laundering even without prior relationships between the victim of the case (or myself) and the entities because of a Statutory basis to attain and retain such data, a contractual basis to attain and retain such data asserted as superseding any 'no third-party benefits' clauses, a case precedent basis and/or that a firm understanding of Know Your Customer standards has existed in the public mind at least since events in controversy.
However, these filings were primarily about establishing the difficulties involved in attaining enforcement support and to show how such entities might create excuses to evade helping victims of their users/customers, to deflect having any legal or ethical responsibilities or to insist that they don't have to help or will not help without any compulsion via Court or government enforcement demands. All of which occurred in these examples, with only one out of three entities eventually cooperating. This is why I found value in documenting these particular entities' actual response to such data concerns from someone impacted by them (my dealing with the victim's circumstances toward finding a recovery solution) even without regard to the eventual US Federal District Court case, and how their anti-fraud and consumer reporting systems actually held up under such scrutiny without intervention by government enforcement or Court systems.
11/13/2025 - Because it has been made apparent from related endeavors that I've been undertaking that enforcing claims may not be validly cognizable when there is not a specifically intended beneficiary under a stated authority for relief, this may apply particularly in the matter with Binance. I have been pursuing a Cayman Court case after arbitration was paused over the amount of fees demanded by the HKIAC, and the Cayman Islands' anti-money laundering laws don't have an explicit private right of action, let alone specifically intended beneficiaries when KYC failures occur by a financial institution (which includes money transmitters and includes virtual assets). The Writ I had submitted hadn't reached 'filed' status anyway so I updated it to only have a nominal monetary claim (get around issues I was having with calculated ad valorem fees over the original claim value) and emphasized the primary basis in Norwich relief.
Norwich relief entails clear duties to specifically intended beneficiaries seeking information from entities about people accused of harms mixed up in utilizing those entities to harm third-parties relative to such equitable relief sought. The problem is if a KYC failure did occur, what level of enforcement of accuracy of customer information can take place. Traditional Norwich precedent has to do with finding the identities of employees of companies or similar persons where the identities can be easily verified and where there isn't necessarily a question of whether such people can be fully identified for that reason. This is where I see such a Court (in this situation, Cayman Islands' system) needing to fashion some level of a custom equitable solution to account for any further research and validation if initial information is not accurate within a digital context (no verified identity or jumbled information). I.e., where a solution might entail requiring the information target to explain how it verified the data and if it still isn't accurate, to explain why it reasonably is still inaccurate and why it is not further correctable. Accuracy level is a very big risk with Binance since it was known to have intentionally sabotaged its own KYC regime to expand its business per the CFTC case against it, where it pled guilty.