In the field of crypto-assets, the impact is often twofold: the instant financial loss and the perception that there is “nothing that can be done” because everything would be irreversible. In reality, legal remedies do exist. However, they follow a different approach from traditional banking disputes, as evidence is hybrid (on-chain and off-chain) and effectiveness depends on the promptness of of initial steps taken.
In 2025 and 2026, the regulated ecosystem is reshaping the landscape. The MiCA Regulation (Markets in Crypto Assets) imposes strengthened standards to providers, while the DORA Regulation (Digital Operational Resilience Act) applicable since 2025, establishes a framework for digital operational resilience in the financial sector. Meanwhile, the European travel rule enhances transaction traceability, providing new tools for victims.
Theft, Hack or Scam: Properly Qualifying The Situation to Act Effectively
The first crucial step is the legal qualification of the event, as it determines the type of legal action to be taken.
A compromised custodial account, involves unauthorized access to a platform account, such as phishing, SIM swap or bypassing two-factor authentication. In this case, the provider has a contractual security obligation towards the user.
A compromised non-custodial wallet occurs when a seed phrase is disclosed or when a malicious contract is signed. In such cases, no intermediary holds custody of the funds, which makes legal recourse more complex, though not impossible.
An investment scam, is characterized by the fact that the victim initiates the transfers themselves under the influence of fraudulent deceptive schemes. This is legally classified as fraud under Article 313-1 of the French Penal Code.
Evidential Reflexes: Building a Solid Case
The law does not protect perceptions, but a documented chronology does. Even before filing a complaint, it is essential to preserve evidence. Immediately take screenshots of the account history, emails or logins notifications.
Organize technical data, including transaction ID (hashes), sending and receiving addresses and precise timestamps. Also preserve system logs and the full correspondence with the platform’s support team. Finally, document fiat currency flows, (bank transfers and statements), used to acuire the assets.
Criminal Proceedings: Filing a Complaint and Seeking Asset Freezing
Most incidents fall under strandard criminal offences: fraud, unauthorized access to an automated data processing system, or breach of trust. Filing a complaint is possible via the THEESE platform for online fraud cases, triggering judicial requests.
The key objective is to freeze assets as quickly as possible once a regulated entry point, like a cryptocurrency exchange platform, has been identified. Time is the main opponent: the more time passes, the more funds are fragmented and transferred to less cooperative jurisdictions.
Civil Proceedings: Engaging The Liability of Intermediaries
When theft occurs via a custody platform, the discussion shifts to contractual liability. The analysis then focuses on the robustness of security systems and the quality of the provider’s anti-fraud mechanisms. With MiCA, these standards are significantly strengthened.
In cases of fraud involving bank transfers, a bank’s liability may sometimes be engaged on the basis of its duty of care, particularly regarding the detection of unusual transactions in light of the customer’s profile. This is a highly technical assessment that depends on the amounts involved, the frequency of transfers, and the institution’s responsiveness to fraud indicators.
DORA and The Travel Rule: New Evidential Tools
The DORA Regulation transforms cyber incidents into triggering events for regulatory obligations. A non-compliance of these obligations, such as a lack of incident notification or insufficient security testing, may constitute evidence of fault in a liability action against a provider.
The Travel Rule, on the other hand, requires that each transfer be accompanied by identifiable customer data. If stolen funds transit through a regulated entity, that entity now holds actionable information that can support a request for asset freezing or a judicial investigation.
Recovering funds: managing expectations
First of all, it is important to be clear-eyed: not all losses are recoverable. The likelihood of recovery depends on the speed of response, the quality of the evidence, and the existence of a regulated centralized entry point. The objective is often to maximize the chances of an immediate asset freeze, or to pursue a solvent intermediary if it has failed in its duty of care and compliance obligations.
To Keep in Mind
In the field of crypto-assets, technical irreversibility does not constitute a legal inevitability. The ability to precisely document an incident and to quickly engage regulated actors can make a decisive difference. Within a European framework now structured by MiCA and DORA, the rigor of evidence collection becomes a key legal lever.
This article was written with the expertise of HASHTAG Avocats.
