• This ruling provided a clear Canadian precedent for how crypto exchanges discharge duty of care through active, documented warnings.
• The court placed significant evidentiary weight on compliance actions beyond the standard User Agreement, including recorded phone calls and staff warnings.
• An exchange was not required to refuse a transaction, even if a scam was suspected, provided it had clearly and repeatedly warned the customer of the risks.
• The court’s acceptance of the exchange’s internal risk assessment (BitRank analysis) as evidence highlighted the value of maintaining auditable compliance procedures.
• The decision to award costs against the plaintiff reinforced the strength of a defence built on proactive, documented, and unheeded customer warnings.

Case Citation & Jurisdiction

Xu v. NDAX Canada, 2025 BCSC 2048 (British Columbia Supreme Court)

Factual Background

The plaintiff, Ms. Xu, was the victim of a sophisticated cryptocurrency scam. She was convinced by an unnamed person to invest in a fraudulent scheme that promised returns of 1% per day. After the scammer built trust by returning initial small investments, Ms. Xu was persuaded to invest a much larger sum [J.3].

To acquire the necessary funds, Ms. Xu remortgaged her house and borrowed from a friend. Between April 11 and May 17, 2023, she opened an account with the defendant, NDAX Canada, and deposited $671,000, which she used to purchase Ethereum [J.4-7].

On April 18, 2023, Ms. Xu initiated a withdrawal of Ethereum to an external wallet address provided by the scammer. This action triggered a multi-stage warning protocol from NDAX.

First, the platform presented Ms. Xu with a “Crypto Risk Disclosure,” explicitly warning that sending funds to an untrusted wallet could result in permanent loss and to be wary of high-return investment opportunities. She was also presented with a “Second Warning” confirming the irreversibility of crypto-asset withdrawals . Ms. Xu clicked “accept” on both [J.10 – 12].

Second, an NDAX employee contacted Ms. Xu by phone for the “Third Warning.” During this call, the employee explicitly told Ms. Xu that she was “likely ‘being scammed'” and advised her not to proceed with the transaction. Ms. Xu ignored this warning, insisted on proceeding, and threatened legal action if NDAX did not comply [J.13 – 14].

Third, due to the identified risk, the call was escalated to a compliance officer for a “Fourth Warning”. During this call, Ms. Xu falsely informed the officer that she was an accountant, had been trading stocks for 20 years, and that the recipient wallet was her own . She reaffirmed her understanding of the risks and confirmed her instructions to process the transfer [J.15].

The court noted that prior to the transfer, NDAX conducted a “BitRank analysis” on the recipient wallet, which returned an acceptable score, indicating it was not, at that time, flagged for fraudulent activity [J.18].

Following Ms. Xu’s explicit final confirmation, NDAX processed the first transaction. Ms. Xu then proceeded with two subsequent transfers to the same scammer’s wallet, resulting in the total loss of her $671,000 [J.16, J.17].

When is a Crypto Exchange Liable for a Customer’s Scam Losses?

This case provided a direct answer to this question. The plaintiff argued that the defendant, NDAX, breached a duty of care owed to her by failing to advise her that the recipient wallet was controlled by a “scammer” [J.22].

The court had to determine what actions were required for an exchange to satisfy its standard of care when faced with suspicious circumstances and a client actively ignoring risks.

The case tested how crypto exchanges discharge duty of care when a customer, under the influence of a scammer, insists on proceeding with a high-risk, irreversible transaction. The ruling hinged on whether NDAX’s multi-layered warnings were sufficient, or if they were required to take the further step of refusing the transaction entirely.

The BC Supreme Court’s Findings

The court’s findings focused on the specific, documented actions the exchange took after identifying the transaction’s risk.

The Four Warnings: The Multi-Layered Intervention

The court analysed the four-stage warning process NDAX deployed. It noted that the first two warnings (the “Crypto Risk Disclosure” and the “Second Warning”) were part of the defendant’s standard, routine system [J.35].

The court placed significant weight on the direct, human interventions. It highlighted the “Third Warning,” a recorded phone call where an employee explicitly advised the plaintiff she was “likely ‘being scammed'”. The court found this warning “could not have been clearer” [J.13].

It also noted the “Fourth Warning,” an escalation to a compliance officer. This final attempt to warn the plaintiff was met with an insistent demand to proceed, including threats of legal action [J.38].

The Finding on the Standard of Care

The plaintiff’s claim that NDAX should have identified the specific recipient wallet as a “scammer” was rejected. The court found this was information the defendant did not have; in fact, its internal BitRank analysis of the wallet returned an acceptable (non-fraudulent) score at the time [J.18, J.37].

The court concluded that NDAX had warned of the potential for a scam, which was the key risk. It stated there was “no evidence or basis to conclude that further warnings… would have convinced the plaintiff” [J.37].

Importantly, the court found that NDAX was not entitled to simply refuse the transaction against the plaintiff’s clear instructions [J.39]. The court’s core finding was unambiguous: “…I am able to conclude that the defendant satisfied any standard of care that would have been applicable” [J.34].

The plaintiff’s claim was dismissed, and costs awarded [J.43].

Analysis & Implications

For litigators analysing how crypto exchanges discharge duty of care, this case is an important precedent. The court’s decision was based on the evidentiary power of proactive compliance records, moving the defensibility argument far beyond the standard User Agreement.

Our Analysis: Beyond the User Agreement

While the plaintiff had accepted a User Agreement and Risk Statement, the court’s analysis went significantly deeper. The strength of the defence rested on the specific, auditable compliance actions NDAX took after identifying the suspicious transaction.

The court scrutinised the recorded phone calls, the “Third Warning,” and the compliance officer’s “Fourth Warning” [J.13, J.15]. This evidence demonstrated, in a way a click-wrap agreement cannot, that the exchange made a clear and explicit effort to warn the plaintiff of the specific risk she faced. The warnings were not generic; they were direct, human, and recorded.

The court’s acceptance of the internal “BitRank analysis” as evidence is a key data point [J.18]. It showed the exchange had an internal risk assessment process and followed it. Even though the wallet was not yet flagged, the analysis itself was part of the “reasonable” standard of care the court found NDAX had satisfied [J.34].

For Litigators: Why Documented Warnings are a Core Defensibility Asset

For litigators, this ruling highlights that the core of a successful defensibility argument lies in evidence beyond the Terms & Conditions. The court’s focus on the record of these warnings—the call logs, the compliance officer’s testimony, and the internal risk report—is the central lesson.

This case demonstrates that a court will give significant weight to documented, proactive interventions. When defending an exchange or VASP, counsel should immediately seek this evidence. Call recordings, email chains with compliance staff, and internal risk reports (like the BitRank analysis) are admissible, court-tested assets for building a robust defence.

The court’s decision to award costs against the plaintiff  [J.43] signals that when an exchange can provide a clear, documented record of having warned a customer who then proceeds to ignore those warnings, the judiciary is prepared to fully endorse the sufficiency of the exchange’s actions.

The post How Crypto Exchanges Discharge Duty of Care: Xu v. NDAX Canada appeared first on Captura Cyber.

This judgment provides four clear implications for litigators seeking to impose a Constructive Trust over stolen crypto assets.

• Constructive Trust Legal Mechanism Available: The court accepted that a constructive trust will arise automatically over property obtained by fraud against the fraudulent recipient (Persons Unknown) [J.341]. This applies to crypto assets with the same force as it does to traditional assets.
• Burden of Proof on the Claimant: The claim ultimately failed because the Claimant could not prove, on the balance of probabilities, that the stolen assets ever reached the defendant VASP[J.383]. The essential legal link was technically missing.
• VASP Not Liable on the Facts: The court accepted the legal availability of a constructive trust, but the VASP was not found to hold any trust funds and could not be considered a constructive trustee in this instance [J.383].
• Evidence of Cryptocurrency Tracing was the Failure Point: Establishing a constructive trust was primarily a question of successful, admissible, and forensically sound cryptocurrency tracing [J.6-7]. Flawed cryptocurrency tracing evidence meant the legal link was absent.

Case Citation & Jurisdiction

• Case Name: Fabrizio D’Aloiaa v Persons Unknown Category A and Others
• Neutral Citation: [2024] EWHC 2342 (Ch)
• Jurisdiction: High Court of Justice of England and Wales, Business List (Chancery Division)
• Date of Judgment: 12 September 2024

Factual Background: D’Aloia vs. Persons Unknown

The Claimant, Mr D’Aloiaa, was the victim of a sophisticated cryptocurrency investment scam that began in July 2021. He was duped into believing he was investing through a legitimate cryptocurrency exchange. This conviction led to the transfer of a substantial quantity of digital assets.

In total, approximately 2.1 million USDT, a stablecoin, was stolen across multiple transactions. The core of the legal action focused on one specific tranche of 400,000 USDT.

The fraudulent transactions were traced to a specific wallet address controlled by the anonymous fraudsters (Persons Unknown). This Constructive Trust was accepted as arising over those funds at that point. The central factual issue was the subsequent movement of those specific funds. 

The Claimant asserted that the 400,000 USDT were moved through the blockchain and ultimately reached an account held at the Sixth Defendant, Bitkub. Bitkub is a registered VASP (Virtual Asset Service Provider) based in Thailand. The entire case against Bitkub hinged on establishing this final link via cryptocurrency tracing evidence. [J.1-3]

Imposing a Constructive Trust on a VASP

This case required the court to navigate established equitable principles and technical blockchain evidence. The High Court accepted the principle of a constructive trust in cryptocurrency: property obtained by fraud creates an automatic trust in favour of the original owner [J.343]. This framework applies to digital assets with the same force as it does to traditional assets.

The core legal question was whether the Constructive Trust should be extended from the fraudster to the VASP (Bitkub). To succeed, the Claimant had to technically prove that his specific, stolen crypto assets were still identifiable within the Bitkub ecosystem. The claim against Bitkub relied entirely on the assertion that the funds had been deposited into a specific Bitkub wallet address. Bitkub’s defence was purely factual, arguing that it was an innocent third-party intermediary that never received the Claimant’s crypto assets. Therefore, there could be no constructive trust and VASP liability, as Bitkub was not holding any trust property [J.4ii]. The success of the Constructive Trust claim rested entirely on the technical accuracy, admissibility, and forensic soundness of the underlying cryptocurrency tracing report.

The Court’s Findings

The Court ruled in favour of the Sixth Defendant, Bitkub. The Claimant failed to satisfy the court, on the balance of probabilities, that any of his stolen USDT ever arrived at the designated Bitkub wallet address [J.383]. The tracing evidence presented was deemed unreliable and failed to establish a critical factual link between the Claimant’s loss and Bitkub’s receipt.

The judgment confirmed the legal availability of the Constructive Trust mechanism in a cryptocurrency context. The court accepted that a Constructive Trust had automatically arisen over the funds in the hands of the fraudsters (Persons Unknown). However, the absence of a proven receipt by the VASP meant the legal link connecting the Claimant to Bitkub was missing from the claim [J.383].

Since Bitkub was found never to have received the trust property, the claim for Constructive Trust, VASP liability, and breach of trust could not succeed. The court noted that no claim for “knowing receipt” had been asserted, preventing the Claimant from pursuing an alternative path for remedy [J.20]. The outcome thus turned entirely on the failure to establish the factual chain of ownership, not on a fundamental flaw in the equitable principle.

Analysis and Implications

The D’Aloia Judgment found that the equitable remedy of Constructive Trust was fully available for crypto asset recovery. It signalled that UK courts will apply well-established equitable principles to digital assets. The objective of establishing a Constructive Trust in cryptocurrency is sound, provided the technical burden is met.

This case is a reminder that legal principles are not precise. The failure to prove that the stolen funds reached the VASP was the single, fatal flaw of the claim [J.382]. Therefore, the Constructive Trust and VASP relationship requires a chain of evidence that is admissible and forensically defensible under cross-examination.

For any action seeking a Constructive Trust over funds held by an exchange, parties must consider the quality of the cryptocurrency-tracing evidence to prove the factual link to the VASP.

The post Constructive Trust Claims Against Cryptocurrency Exchanges: D’Aloia v Persons Unknown appeared first on Captura Cyber.