The Higher Regional Court (OLG) Braunschweig has made a far -reaching decision that should have an impact on the criminal prosecution of “thefts” of crypto values in Germany. In this case, the question was whether cryptocurrencies worth around 2.5 million euros, which had been withdrawn from their rightful owner by a presumably unauthorized manner, may be confiscated to secure a possible value replacement. The district court of Göttingen raised a corresponding arrest order from the public prosecutor. The OLG confirmed this step because it lacks an initial suspicion for a criminal act. The accused escapes a legal punishment.
The 1st penalty of the second instance provides the facts in its now published judgment from September 2024 (Az.: 1 WS 185/24): A suspect was confronted with the accusation that 25 million digital, unspecified coins were illegally appropriated. He therefore helped another person-the later injured party-to set up a digital wallet in the form of a wallet for a token project. The accused received access to the password seed phrase necessary for access, which consisted of 24 words. Afterwards, the accused is said to have transferred the crypto values from the victim’s e-letter bag to two other wallets that did not belong to the injured party.
The OLG initially stated: According to Paragraph 242 Criminal Code (StGB), the theft is the “removing a strange movable thing”. However, cryptocurrencies such as Bitcoin or Ethereum are not to be regarded as “things” in the sense of the law, since they have no physical, physical existence. Rather, it is digital values, more precisely, entries in a decentralized blockchain. A stealing in the physical sense is so conceptually excluded in these, which makes the fact of the theft excreted from the outset.
Hacker paragraphs do not apply
The Braunschweig judges also deal with other potential criminal offenses that could be relevant in such cases. They came to similar restrictive results. The Senate rejected a classification as a computer fraud (paragraph 263a of the Criminal Code), since the unauthorized transfer of cryptocurrencies usually lack the characteristic of the “unauthorized effect on the result of a data processing process”.
In particular, a transaction in the blockchain system should not be seen as a “explanation” or “deception” in the sense of computer fraud, the judgment says. In contrast to online banking, where the entry of a TAN as an implied explanation of a authorization for transaction, the crypto transaction is carried out by the pure input of the private key. This triggers the transaction directly in the decentralized system. There is no “explanation of a authorization” to the transfer, which would be characteristic of computer fraud. The system only examines the validity of the key, not the justification of the acting individual in the sense of a human declaration of intent.
There is also no criminal liability for spying on data (Paragraph 202a of the Criminal Code), according to the OLG. This clause protects information that “is particularly secured against unauthorized access”. If private keys or passwords are obtained by insufficient security measures, for example by an open notebook or by social engineering, the decision is lacking in overcoming a “special backup”. Such would only exist if, for example, a technical device such as encryption or an external protective measure had to be overcome.
Civil law procedure remains open
The court also dealt with the paragraph on data change (303a StGB). It is indicated that the transfer of tokens in the blockchain is technically a change in data. Nevertheless, the court did not see the accused as a perpetrator. The Senate justifies the fact that the actual data change does not directly confirm the transactions by the accused, but by the operator’s network. Even indirect causation was not sufficient for the court, since the sovereignty over the blockchain entries was ultimately with the network participants.
According to the criminal lawyer Jens Ferner the decision for the practice means “a surprising turning point”: Investigative authorities who reflexively return to paragraphs 202a or 303a of the Criminal Code in order to sanction token-transfers in a criminal basis would have to count on acquittals or the cessation of procedures in the future. In the present constellation, the “virtual theft” remains a civil law, but not a criminal act. Anyone who sneakes access to a wallet in any case is in the criminal environment. The quintessence for the lawyer is: “Criminal law is not a all -purpose weapon against any form of digital illoyality – and shouldn’t be either.” However, it is questionable whether the OLG view prevails in the long run.
(nen)
