Key Takeaways
- This ruling provided a clear Canadian precedent for how crypto exchanges discharge duty of care through active, documented warnings.
- The court placed significant evidentiary weight on compliance actions beyond the standard User Agreement, including recorded phone calls and staff warnings.
- An exchange was not required to refuse a transaction, even if a scam was suspected, provided it had clearly and repeatedly warned the customer of the risks.
- The court’s acceptance of the exchange’s internal risk assessment (BitRank analysis) as evidence highlighted the value of maintaining auditable compliance procedures.
- The decision to award costs against the plaintiff reinforced the strength of a defence built on proactive, documented, and unheeded customer warnings.
Case Citation & Jurisdiction
Xu v. NDAX Canada, 2025 BCSC 2048 (British Columbia Supreme Court)
Factual Background
The plaintiff, Ms. Xu, was the victim of a sophisticated cryptocurrency scam. She was convinced by an unnamed person to invest in a fraudulent scheme that promised returns of 1% per day. After the scammer built trust by returning initial small investments, Ms. Xu was persuaded to invest a much larger sum [J.3].
To acquire the necessary funds, Ms. Xu remortgaged her house and borrowed from a friend. Between April 11 and May 17, 2023, she opened an account with the defendant, NDAX Canada, and deposited $671,000, which she used to purchase Ethereum [J.4-7].
On April 18, 2023, Ms. Xu initiated a withdrawal of Ethereum to an external wallet address provided by the scammer. This action triggered a multi-stage warning protocol from NDAX.
First, the platform presented Ms. Xu with a “Crypto Risk Disclosure,” explicitly warning that sending funds to an untrusted wallet could result in permanent loss and to be wary of high-return investment opportunities. She was also presented with a “Second Warning” confirming the irreversibility of crypto-asset withdrawals . Ms. Xu clicked “accept” on both [J.10 – 12].
Second, an NDAX employee contacted Ms. Xu by phone for the “Third Warning.” During this call, the employee explicitly told Ms. Xu that she was “likely ‘being scammed'” and advised her not to proceed with the transaction. Ms. Xu ignored this warning, insisted on proceeding, and threatened legal action if NDAX did not comply [J.13 – 14].
Third, due to the identified risk, the call was escalated to a compliance officer for a “Fourth Warning”. During this call, Ms. Xu falsely informed the officer that she was an accountant, had been trading stocks for 20 years, and that the recipient wallet was her own . She reaffirmed her understanding of the risks and confirmed her instructions to process the transfer [J.15].
The court noted that prior to the transfer, NDAX conducted a “BitRank analysis” on the recipient wallet, which returned an acceptable score, indicating it was not, at that time, flagged for fraudulent activity [J.18].
Following Ms. Xu’s explicit final confirmation, NDAX processed the first transaction. Ms. Xu then proceeded with two subsequent transfers to the same scammer’s wallet, resulting in the total loss of her $671,000 [J.16, J.17].
When is a Crypto Exchange Liable for a Customer’s Scam Losses?
This case provided a direct answer to this question. The plaintiff argued that the defendant, NDAX, breached a duty of care owed to her by failing to advise her that the recipient wallet was controlled by a “scammer” [J.22].
The court had to determine what actions were required for an exchange to satisfy its standard of care when faced with suspicious circumstances and a client actively ignoring risks.
The case tested how crypto exchanges discharge duty of care when a customer, under the influence of a scammer, insists on proceeding with a high-risk, irreversible transaction. The ruling hinged on whether NDAX’s multi-layered warnings were sufficient, or if they were required to take the further step of refusing the transaction entirely.
The BC Supreme Court’s Findings
The court’s findings focused on the specific, documented actions the exchange took after identifying the transaction’s risk.
The Four Warnings: The Multi-Layered Intervention
The court analysed the four-stage warning process NDAX deployed. It noted that the first two warnings (the “Crypto Risk Disclosure” and the “Second Warning”) were part of the defendant’s standard, routine system [J.35].
The court placed significant weight on the direct, human interventions. It highlighted the “Third Warning,” a recorded phone call where an employee explicitly advised the plaintiff she was “likely ‘being scammed'”. The court found this warning “could not have been clearer” [J.13].
It also noted the “Fourth Warning,” an escalation to a compliance officer. This final attempt to warn the plaintiff was met with an insistent demand to proceed, including threats of legal action [J.38].
The Finding on the Standard of Care
The plaintiff’s claim that NDAX should have identified the specific recipient wallet as a “scammer” was rejected. The court found this was information the defendant did not have; in fact, its internal BitRank analysis of the wallet returned an acceptable (non-fraudulent) score at the time [J.18, J.37].
The court concluded that NDAX had warned of the potential for a scam, which was the key risk. It stated there was “no evidence or basis to conclude that further warnings… would have convinced the plaintiff” [J.37].
Importantly, the court found that NDAX was not entitled to simply refuse the transaction against the plaintiff’s clear instructions [J.39]. The court’s core finding was unambiguous: “…I am able to conclude that the defendant satisfied any standard of care that would have been applicable” [J.34].
The plaintiff’s claim was dismissed, and costs awarded [J.43].
Analysis & Implications
For litigators analysing how crypto exchanges discharge duty of care, this case is an important precedent. The court’s decision was based on the evidentiary power of proactive compliance records, moving the defensibility argument far beyond the standard User Agreement.
Our Analysis: Beyond the User Agreement
While the plaintiff had accepted a User Agreement and Risk Statement, the court’s analysis went significantly deeper. The strength of the defence rested on the specific, auditable compliance actions NDAX took after identifying the suspicious transaction.
The court scrutinised the recorded phone calls, the “Third Warning,” and the compliance officer’s “Fourth Warning” [J.13, J.15]. This evidence demonstrated, in a way a click-wrap agreement cannot, that the exchange made a clear and explicit effort to warn the plaintiff of the specific risk she faced. The warnings were not generic; they were direct, human, and recorded.
The court’s acceptance of the internal “BitRank analysis” as evidence is a key data point [J.18]. It showed the exchange had an internal risk assessment process and followed it. Even though the wallet was not yet flagged, the analysis itself was part of the “reasonable” standard of care the court found NDAX had satisfied [J.34].
For Litigators: Why Documented Warnings are a Core Defensibility Asset
For litigators, this ruling highlights that the core of a successful defensibility argument lies in evidence beyond the Terms & Conditions. The court’s focus on the record of these warnings—the call logs, the compliance officer’s testimony, and the internal risk report—is the central lesson.
This case demonstrates that a court will give significant weight to documented, proactive interventions. When defending an exchange or VASP, counsel should immediately seek this evidence. Call recordings, email chains with compliance staff, and internal risk reports (like the BitRank analysis) are admissible, court-tested assets for building a robust defence.
The court’s decision to award costs against the plaintiff [J.43] signals that when an exchange can provide a clear, documented record of having warned a customer who then proceeds to ignore those warnings, the judiciary is prepared to fully endorse the sufficiency of the exchange’s actions.
