Search and find what you need faster.

Matt Green on Recovering $1.5M in USDC in Under Two Weeks: Legal “Nuclear Options” and Peer-to-Peer Strategy

Posted on: January 12th, 2026 by Ella Darnell


This article was written by Matt Green, Director and Head of Blockchain and Digital Assets, and was published on Thomson Reuters Regulatory Intelligence on 8 January, 2026.

You can read the full article as published on Thomson Reuters below.

As traditional finance houses seek to diversify and enter the decentralised world (bitcoin’s value increased by 132% over the last five years), the obvious risks are less technical and more human.

Senior boards are hiring staff whose job specifications are sometimes not fully understood or wildly unfamiliar. Crypto traders often possess specific knowledge that is not widely shared across an organisation, posing a significant risk to business operations.

Little exemplifies this pattern more than a recent UK High Court case (held in private) brought by a London hedge fund that found more than 1.9 million USDC (a stablecoin called Circle, whose value is pegged to the U.S. dollar) drained from their trading account. They had no idea how this happened, no clear leads and no technical vulnerabilities.

This article deals with how lawyers, investigators and blockchain forensic firms helped recover most of the funds within nine working days from being instructed through to recovery, and how the most “nuclear” of legal tools can be used to secure fast and substantial results.

Tracing stablecoins and the smoking gun

The approximately 1.9 million USDC drained was traced by Token Recovery, a blockchain forensics firm that confirmed the funds were consolidated into a single address and remained there for several days. From experience, in the event of a theft, funds are quickly laundered via tumblers and put out of reach by a process known as “smurfing,” whereby large sums of money are broken down into smaller transactions to remain undetected by anti-money laundering protocols and to frustrate tracing. The fact that this money remained in one place for several days indicated that the threat actor was likely unsophisticated and opportunistic.

It was suggested that the hedge fund conduct an internal investigation to determine whether any suspicious staff or activity indicated that the theft was an inside job.

The hedge fund found that one employee, a software engineer (“Mark”), had recently resigned, and according to access logs, took a particular interest in the targeted wallets on the day of the theft.

In response to certain behaviours during employment, the hedge fund had implemented human-resources-led monitoring software on his profile, which took a screenshot of his computer every few seconds, creating a video of his activities. The software had largely been forgotten, but was now vital evidence, given the direction of blockchain forensics.

The video showed that Mark:

  • Reviewed the balances of the hedge fund’s crypto trading accounts.
  • Logged into the relevant servers which ran the trading engines.
  • Initiated memory dumps of those engines and copied them to his local system.
  •  Loaded the files into a debugger and immediately navigated to the relevant private keys, which gave any holder the ability to withdraw funds from the relevant account.
  • Then, moments later, searched Google for “Metamask” (cryptocurrency wallet management software) and “what is a Polygon wallet,” suggesting he intended to trade the funds on the Polygon market.

In all, this was key evidence, given there was no genuine reason for Mark to navigate to the private keys. It may have taken longer to consider this evidence without the forensics and laundering patterns.

Law enforcement

The incident was reported to police on several occasions, and a crime reference number was provided, to be handled by Action Fraud, a triaging service for law enforcement.

From the pace and manner following reporting, the hedge fund instructed its lawyers, law firm Lawrence Stephens Limited, of which the author is a partner, to make a move more quickly, given the evidence at hand. This is the timeline’s first working day.

Urgent injunctions, nuclear options

On the second working day, the hedge fund and its legal team appeared in the High Court on an urgent basis, seeking highly intrusive court orders.

The first was a proprietary injunction (an order to do or not do something with specific property or its traceable proceeds) over the approximately 1.9 million USDC, which in the meantime had started moving and was being laundered more professionally.

The second was a worldwide freezing injunction over Mark’s assets over £1,000 in value and up to $1.9 million (approximately £1.5 million) in total, preventing him from moving assets or money, except for his capped living expenses, without being in contempt of court.

The third was a search and imaging order (also known as an “Anton Piller”[1] order), which allowed the legal team to search Mark’s premises for relevant documents and electronic devices, gain access to relevant accounts, compel the delivery of information and hardware and image the contents of those devices.

This would ensure that critical evidence could be searched for, seized, recorded and preserved for future use. In short, it prevented Mark from destroying evidence that could potentially prove his liability and reveal to the hedge fund what happened to its stolen USDC.

Anton Piller orders are rare, granted by the courts in limited circumstances and widely viewed as the civil court’s “nuclear option.”There must be an extremely strong prima facie case to persuade the court to make such an order, and the court appoints a supervising solicitor to safeguard a defendant’s interests during the search.

The hearing was on an “ex parte” (without notice) basis, meaning Mark had no knowledge that this was happening. The court issued the orders that night. A private investigator was then hired to follow Mark’s movements and monitor his home.

Working day three was spent preparing documents for service and instructing forensic imaging experts (JS Held) who would image devices, and the supervising solicitors.

Home entry

Execution of the search was planned for working day four, a Friday. Service of documents was limited to between 0930 and 1400. There was always a risk that Mark might not be at home, that he (or any cohabitant) might refuse to open the door, or that he might jump out of the window and run away. In any of those cases, a new court order would likely be required. Had he wilfully refused to open the door, he would have been in contempt of court.

The investigator confirmed that Mark was seen entering the house the night before, and there was no evidence that he had left. The supervising solicitors knocked just after 0930 and woke the house. A relative opened the front door, shortly followed by Mark, who thought it was an Amazon delivery.

Mark was immediately served with the Anton Piller order. He had two hours to seek legal advice before the search party entered and was immediately required to hand over his mobile phone and other relevant electronic devices. He was not to be left out of sight for the day.

Search party

Two hours later, the legal team search party was allowed in. There was no protestation or outward denial of wrongdoing, and Mark granted access to the search party. The incumbents’ movements were monitored carefully to mitigate the risk of Mark destroying key documents or dissipating his assets. As the funds are digital, any internet access is high-risk, and 30 seconds locked in a toilet is enough time to put the USDC or other assets out of reach. As ordered by the judge, his phone was imaged on site and returned without delay.

All relevant electronic items were secured, including mobile phones, a PlayStation5, USB sticks, memory cards and a gaming computer. Physical reviews of paper, including receipts and pages of old cheque books, might reveal seed phrases (a collection of innocuous words, which, when input, give access to a crypto wallet) or private keys.

Mark was required to give the forensic imaging team access to all relevant accounts, including financial and crypto trading accounts. He maintained various cryptocurrency accounts with several providers and also held an account for Monero, a privacy-focused cryptocurrency designed to make tracing difficult.

The search lasted until around 1730, a time deemed reasonable to avoid unnecessary intrusion. The next two days were a weekend.

Freezing order

Mark was also served with the worldwide freezing and proprietary orders on the search day. Although he could technically move funds and dissipate assets, if it were found that he had done so after service, he would have been in contempt of court (a criminal offence). The power of that deterrent may have been reinforced by his mother, who happened to be a lawyer. Non-compliance, in his mind, may be outweighed by the value of the assets.

The freezing order also required him to detail all worldwide assets worth more than £1,000 on working day nine. This is vital. If he had the stolen funds or any proceeds, he must disclose them — unless, in limited circumstances, they are incriminating — or face contempt of court.

Settlement negotiations

Settlement offers yield quick results, especially when court hearings are imminent and pressure is greatest. As the first hearing was ex parte, the process required a further hearing two weeks later to allow Mark, the respondent, to seek to amend, discharge or agree to continue the orders. This is called a “return date” and is for the benefit of the respondent following ex parte hearings.

Mark’s lawyers made various attempts to settle. However, on working day nine, no agreement had been reached, and Mark was required to disclose his assets by 1730.

This was the overwhelming pressure point for settlement, because without a deal, Mark would now have to disclose his assets.

Eventually, Mark offered to agree to stay proceedings and discharge the orders, after which he would send more than 1.5 million USDC to the hedge fund directly, on a peer-to-peer basis.

Since trust was low, the preferred mechanism was inverse, such that the parties would agree that, upon receipt of Mark’s funds, the hedge fund’s lawyers irrevocably undertook to file a consent order (agreed by the parties) to stay proceedings and discharge the orders, subject to a short contract detailing terms. Mark was to send the funds in two stages, one dollar first, then the balance, to ensure transaction integrity.

The hedge fund made a take-it-or-leave-it offer: recover the money first, or Mark discloses and the parties proceed to litigation, knowing he had more than 1.5 million USDC that could be paid into the court as security during the proceedings. Mark took the deal.

Peer-to-peer settlement

This was a pure peer-to-peer settlement. The respective lawyers did not hold nor were they in any way in control of the flow of funds. On a call, Mark sent the first dollar, which the hedge fund received. Notably, the sending address was now identifiable, given that the transaction took place, and the hedge fund conducted a cursory review of the address.

Mark then paid the balance directly to the hedge fund.

Upon receipt, the consent order was filed, and proceedings were stayed. This was working day nine.

Decisive action

Understanding blockchain analytics helped to identify Mark, where there were no other obvious targets in the aftermath of an emergency. Convincing evidence of wrongdoing led to draconian injunctions and the Anton Piller order, which put enormous pressure on Mark. The settlement offer resulted in Mark’s disclosure of approximately 1.5 million USDC, which was the determining factor.

Within nine business days, the hedge fund’s team had changed the position from a complete unknown to obtaining more than 80% of the value of lost USDC, the hedge fund being satisfied that the balance had been dissipated and/or not worth the cost to pursue.

Often, published court proceedings involving lost cryptocurrency have yielded less-than-satisfactory results for victims. Accordingly, it is important to share success stories and show that recovery is real when the facts align and the analytics are well understood.

[1] Anton Piller KG v Manufacturing Processes Ltd [1976] Ch. 55

Building a Digital Economy: Matt Green’s Contribution to techUK’s Vision

Posted on: November 3rd, 2025 by Ella Darnell

Matt Green, Head of the Blockchain and Digital Assets sector at Lawrence Stephens and Chair of the techUK Digital Assets Group, has been instrumental in developing their “2030 Vision- A roadmap for Building a Digital Assets Economy”, which launched on 16 October.

Designed to share insights on current and anticipated use of distributed ledger technologies, the Vision 2030 draws on perspectives from across the Blockchain and Digital Assets ecosystem – from across Layer-1 chains, professional advisors, to financial houses, blockchain forensic software providers and beyond – identifying the opportunities that will help strengthen UK’s position as a global financial hub, a centre of innovation and a market where technology is used for good.

In recent years, regulators, policymakers, and governments have each mapped their digital ambitions. The UK Digital Strategy 2017 highlighted the economic benefits of digital skills, while the 2022 update focused on establishing the UK as a leading technology hub. More recently, the UK International Development’s Digital Development Strategy 2024–2030 signalled a broader digital transformation of society. This was reinforced in the Chancellor’s Mansion House speech earlier this year, which committed to “drive forward developments in blockchain technology… so that UK financial services can be at the forefront of digital asset innovation.”

The 2030 Vision brings together industry views on where we are today, where we are heading, and what is needed to ensure that by 2030 the UK is not just adapting to change – but leading it.

To read the report, please follow this link.

You can read more about our Blockchain and Digital Assets services here.

Matt Green Shares Expertise on BBC’s File on 4: Investigating Crypto Crime in the UK

Posted on: October 2nd, 2025 by Ella Darnell

Matt Green, Director and Head of Blockchain and Digital Assets, is a regular commentator on all things crypto and recently featured in BBC’s File on 4, one of the UK’s most respected investigative journalism programmes.

File on 4 has built a reputation for in-depth investigative reporting on some of the most pressing topics in society, from political scandals and corporate misconduct to human rights and financial crime. Produced by BBC Radio 4, the programme is known for shaping public understanding and policy on the UK’s most complex issues and has a weekly audience running into millions.

In this episode, which aired on the 30 September, File on 4 investigated the surge in phone thefts across London and the associated theft of funds from online accounts. In 2024 alone, there were up to 80,000 devices stolen in London’s streets and transport network. The loss to users goes far beyond having to replace stolen devices, as gangs are now exploiting unlocked phones to access victims’ online banking and cryptocurrency accounts.

Matt offered his expert insight into why crypto assets are particularly attractive to criminals, and how victims’ funds are emptied and transferred into criminal accounts: “The problem is that there are no regulatory provisions that ensure you can get your money back. You have to spend, as a consumer, a good deal of money paying for investigators and lawyers to seek to recover your funds. That is expensive, it doesn’t always work because funds can be sent to various jurisdictions which don’t always comply with court orders, and it makes the process a lot more difficult. I would like it so that there is some sort of duty or obligation for crypto currency exchanges to play a role in helping consumers and protect them further.”

Known for his work tracing and recovering crypto assets across borders, Matt regularly advises on high-value disputes involving blockchain technology and has helped shape UK legal precedent on digital property. As part of his role as chair of techUK’s Digital Asset Working Group, he is closely involved in the drive to improve regulation to help consumers recover stolen digital assets.

You can listen to the full podcast here, Matt enters the conversation at 29m16s.

To read more about our blockchain, digital and crypto assets services, please click here.

Matt Green co-signs letter to UK Government urging inclusion of DLT in UK-US Tech Bridge

Posted on: September 12th, 2025 by Ella Darnell

Director and Head of Blockchain and Digital Assets, Matt Green, has co-signed a letter to the UK Government alongside a coalition of leading associations from the digital, finance, and technology sectors, proudly representing techUK.

The letter, addressed to the Secretary of State for Business and Trade, urges that distributed ledger technology (DLT) – particularly tokenisation and stablecoins – be included as a core strand of the upcoming UK-US Tech Bridge. The signatories highlight that this transatlantic initiative presents a once-in-a-generation opportunity for the UK and US to set global standards in digital finance, strengthen their markets, and reinforce their joint leadership in financial innovation.

Matt Green, who signed in his capacity as Chair of the Blockchain Working Group at techUK, joined representatives from the City of London Corporation, UK Finance, Global Digital Finance, TheCityUK, the Crypto Council for Innovation, The Payments Association, and others in calling for the Government to seize this critical opportunity. The coalition’s effort was coordinated by the UK Cryptoasset Business Council.

Click here to read their letter in full.

This news was covered by Bloomberg.

Preparing for Cyberattacks: What Jaguar Land Rover Can Teach Modern Businesses

Posted on: September 9th, 2025 by Natasha Cox

Director Dominic Holden explores how businesses can protect themselves and mitigate the risks of a cyberattack, following the recent incident at Jaguar Land Rover, in Computer Weekly.

Dominic’s article was published in Computer Weekly, 9 September 2025, and can be found here.

A cyber-attack at Jaguar Land Rover has halted production lines and caused wide-spread disruption. How can businesses protect themselves and mitigate the risks of an attack?

A single cyber incident can halt production lines, dent customer confidence and wipe millions off a company’s share price – as Jaguar Land Rover (JLR) discovered after it was forced to shut down operations last week.

There is, though, much a business can do to prepare for a cyber attack to both reduce the prospect of falling victim to an attack and to mitigate the loss they can cause.

Preparation: A non-negotiable first step

Effective cyber resilience begins long before an attack occurs, and preparation can be key in mitigating the financial, technical or reputational damage. As such, many boards are now beginning to treat cyber security as a strategic priority, not a technical afterthought.

Effective preparation can encompass several aspects, and this can differ from business to business.

Often, this includes the creation of a clear, rehearsed incident response plan that identifies who does what in the first 72 hours and beyond, from isolating systems to briefing the regulator. The most effective plans are rehearsed by running crisis exercises and simulations so that staff know their roles, and leadership can practise decision-making under pressure.

Backing up your systems and testing that these systems can be restored quickly if compromised is also critical, with the JLR incident showing just how much damage a full shutdown of operations can cause.

Staff can also be more effectively trained to spot phishing attempts, unusual device activity and other red flags which may indicate an attempted breach of a company’s systems. Staff should also be made aware of the importance of ensuring that they install the updates that are rolled out by their IT team.

Cyber insurance is also key. There are many specialist brokers that can assist in tailoring a policy to the risks faced by the company. The process of obtaining the insurance often highlights issues with the company’s existing security and should provide essential support in the event of an attack.

Without such planning and preparation, a business will become more vulnerable to an attack and struggle to respond effectively when the pressure begins to increase.

The first 72 hours

If, despite your preparations, you fall victim to an attack, the first 72 hours are critical. This is where your planning pays off.

Where personal data may be at risk, the Information Commissioner’s Office (ICO) will need to be informed within 72 hours, and you may also need to notify your customers and suppliers of the risk. A PR team with expertise in crisis communications can be an important ally to avoid lasting reputational damage to the business.

Engaging law enforcement at the earliest opportunity is also advised. Reporting the incident to the police and Action Fraud creates a record that can support recovery and wider investigations. Notifying your insurers as soon as possible so you get support from specialist “breach response” advisers, including lawyers and computer forensic specialists, can avoid a misstep during a chaotic and stressful time.

A computer forensics team can move quickly to quarantine the affected systems and help you recover operations quickly, while also preserving evidence. A breach response lawyer will ensure you comply with your regulatory obligations and assist you in formulating a strategy to minimise the claims from suppliers and customers that can often follow.

The ransom question

One of the hardest decisions for businesses that fall victim to a ransomware attack is whether to pay a ransom – where one is demanded. While the National Crime Agency strongly advises against this, as there is no guarantee of restoration and payment encourages further crime, many organisations faced with operational paralysis may consider it a last resort.

Such ransom payments are often demanded in cryptocurrency, and their payment can be covered by insurance, so it is important for businesses to check their policies to see whether this forms part of their cover. It may also be possible to recover the ransom even after it has been paid. Specialist lawyers in crypto recovery can advise whether this is a possibility.

Lessons from JLR

The lesson from the JLR incident is simple: cyber security is no longer just an IT problem – it is a boardroom issue.

Boards must demand robust planning, allocate resources and ensure rehearsals are carried out. Only then can a business minimise financial and reputational damage when an attack occurs.

UK Crypto Regulation Update: HM Treasury’s New Rules Target Scams and Support Fintech

Posted on: July 28th, 2025 by Natasha Cox

In April 2025, HM’s Treasury published a long-awaited overhaul of crypto regulation, via a draft statutory instrument to bring certain cryptoassets into our financial services regime – The Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025.

In theory, this gives the UK an opportunity to now compete with other financial hubs by clarifying the rules on issuing cryptoassets. Other players have already taken the leap, notably in the European Union, Middle East and United States. For the UK, there is plenty of work needed to close this gap.

Head of Blockchain and Digital Assets Matt Green and BCB Group CEO Oliver Tonkin analyse HM Treasury’s overhaul of the UK crypto regime, and discuss whether this is too little too late in driving investment and innovation to the sector.

Matt and Oliver’s article was published in Thomson Reuters Regulatory Intelligence, 24 July 2025, and can be found here.

For more information on our blockchain, digital and cryptoassets services, please click here.

Digital Asset Law Reform: Key Takeaways for UK Advisers

Posted on: July 17th, 2025 by Natasha Cox

Following the Law Commission’s proposals for crypto and digital asset reform regime, Director Matt Green explores what these proposals mean for advisers – as well as those looking to recover stolen or hacked cryptocurrency.

Matt’s article was co-authored with Ashley Fairbrother, Partner at Edmonds Marshall McMahon.

Matt and Ashley’s article was published in FT Adviser, 16 July 2025, and can be found here.

In June 2025, the UK’s Law Commission proposed new powers to drastically help victims of fraud following the loss of cryptoassets where key details, like the bad actors’ details, are unknown. These proposals would allow courts to grant free-standing information orders at the outset of crypto fraud investigations, before the victim needs to commit to pursuing a substantive claim.

This may prove to be a vital legal reform and significantly increase access to justice, especially when victims have lost significant funds, and do not want to risk spending more money pursuing unknown parties who may or may not still hold funds.

The crypto fraud epidemic

Fraud concerning cryptoassets is a significant issue for consumers and businesses alike. Chainalysis’s “The 2025 Crypto Crime Report” notes that ‘pig butchering’ scams (i.e. scams via social engineering) have increased 40% year on year, and cost victims a total of $9.9 billion as of 2024. Separately, Chainalysis’s report notes that $2.2billion was stolen from crypto platforms across this period.

Last year, Action Fraud – the UK’s reporting centre for fraud and cybercrime – reported over 649,000 instances of investment fraud, with 66% attributed to crypto investment related schemes. Individuals are losing life savings, family homes and pensions, and taking out astronomical loans to pay fraudsters who demand more money to release funds already taken under the guise of investment profits.

Scams are often initiated by telephone calls, texts and emails from actors purporting to be from major cryptocurrency exchanges or banks who hold convincing personal data, usually obtained via data scraping, to harbour a victim’s trust and eventually extract funds. Assets are then typically laundered to facilitate human trafficking, drugs trades and organised crime.

Currently, victims can follow their funds across their respective blockchains by providing practitioners with their transaction identifiers, which show the funds being withdrawn or sent from their control to the fraudster. Following a traceable laundering process, funds can end up at centralised retail outfits like Binance, Kraken and Coinbase, offshore swapping services like SimpleSwap and ChangeNow, to purportedly decentralised outfits, who offer services without obtaining Know Your Client documents or Anti Money Laundering checks, performing permissionless transactions.

Once at these exchanges, victims need to know key information to consider the viability of pursuing a legal claim, including details of the exchange’s customer, information concerning internet-protocol addresses, trading histories and, of course, the balances held at accounts. Without this information, it is extremely difficult to consider whether a victim should spend good money chasing lost assets, and in most reported cases, victims have taken a high-risk approach in pursuing “persons unknown” with limited information.

To obtain this material, lawyers can use gateway 25(b) of the Civil Procedure Rules (which dictate the rules around litigation in England and Wales), which requires victims to start a substantive claim alongside an application for disclosure of information. This means they must be prepared to sue someone and detail the claim clearly at that stage.

As a commercial proposition, this might be extremely costly. The Law Commission recognises this at paragraph 3.78 of its report, where it states that “victims are not always able to say that they definitely intend to commence proceedings in England and Wales”

Similarly, to obtain wider reliefs against perpetrators, including a worldwide freezing injunction which prohibits the defendants from moving or dissipating their assets globally up to the value of the claim, the victim must also show from the outset that they have other assets to the value of the loss, on the basis that the injunction detriments the defendants unfairly. This is an enormous burden for any victim of fraud to overcome, without really knowing anything about the defendants.

Currently, the bar to entry is very high. Only those with deep pockets, and a high appetite for risk, can pursue their funds via the courts.

The Law Commission’s proposal

The Law Commission has recently published the “Digital assets and (electronic) trade documents in private international law, including Section 72 of the Bills of Exchange Act 1882, consultation paper” to assist victims, by allowing the court to grant a “free -standing information order to assist a claimant at the initial investigations stage of the proceedings”.

Should the proposal be successful, this would allow victims to assess the viability of the claim and consider the facts at hand without starting a formal claim. The costs might be substantially lower, and without the risk associated with formal litigation.

The proposed test for granting one of these orders is provided at paragraph 4.92 within the consultation paper, and summarised as:

  1. The case has a certain strength, in that the claimant must evidence a wrongdoing;
  2. The disclosure of this information is necessary to allow the victim to bring legal proceedings or other redress;
  3. The court must be satisfied that there is no other court in which the claimant could reasonably bring the application for disclosure;
  4. The court must be satisfied there is an adequate link to England and or Wales. For example, that the victim resides, domiciles or is a national here. This might also include (though not explicit in the paper) that the defendant purports to have an adequate connection to this jurisdiction – for example where a scam investment website says the company is registered in England.

Effect and next steps

In principle, this initiative will drastically lower the obstacles to recourse by giving victims a cost-effective solution to assess a claim’s viability and mitigate litigation risks early on. A consultation period for this paper is open until 8 September 2025, and many law firms and individuals have already backed the Law Commission’s above proposal, including both of us as authors of this piece as well as our peers including Nathan Capone at Fieldfisher.

This reform is vital in widening access to justice by revolutionising the initial stages of crypto asset recovery by removing substantial financial and procedural barriers that currently prevent many victims from commencing a claim.

To find out more about our Blockchain and Digital Assets services, please click here

 

Lawrence Stephens & Howden Unveil Innovative Crypto Theft Recovery Solution

Posted on: July 7th, 2025 by Natasha Cox

Lawrence Stephens has partnered with Howden, the global insurance intermediary group, to launch a first-of-its-kind solution for the cryptocurrency sector. This innovative facility combines robust crypto theft insurance with expert legal asset recovery services, offering clients a comprehensive and credible response to digital asset theft.

The new solution delivers more than just insurance – it provides clients with a fully integrated approach that includes legal expertise, access to leading crypto vendors, and forensic recovery capabilities.

“At Howden, we believe in delivering solutions that go beyond traditional insurance,” said Freddie Palmer, Head of Digital Assets and Blockchain at Howden. “By partnering with Lawrence Stephens, we’re empowering our clients with a seamless, end-to-end service that combines technical insurance advice, legal recourse, and access to the broader crypto ecosystem. It’s a powerful response to one of the industry’s most urgent challenges.”

Key features of the facility include:

  • Specialist legal support from Lawrence Stephens to initiate asset freezing and recovery proceedings.
  • Insurance coverage that includes partial reimbursement of legal recovery costs when engaging Lawrence Stephens.
  • Access to a trusted network of crypto vendors and forensic experts to trace and recover stolen assets.

“We’re delighted to offer our legal expertise to the insurance market through this collaboration with Howden,” said Matt Green, Head of Blockchain, Digital Assets and Technology Disputes at Lawrence Stephens. “After all, the legal process began helping an insurer reclaim payment following a ransomware attack.”

This launch marks a significant step forward in institutionalising crypto asset protection, offering clients a credible, structured, and responsive solution in an increasingly complex digital landscape. As digital assets become more mainstream, institutional-grade protection is essential to build trust, reduce risk, and support the long-term growth of the crypto economy.

To find out more about our Blockchain, Digital Assets and Technology Disputes services, please click here

How the UK Can Back Crypto Innovation with Action

Posted on: June 27th, 2025 by Alanah Lenten

We now find ourselves at a critical crossroads in the evolution of financial technology. While the UK once made bold proclamations about becoming a global crypto asset hub, real progress has stalled, and the lack of regulatory clarity is beginning to weigh on investment, innovation, and job creation. In an era where blockchain, artificial intelligence, and quantum computing are converging to reshape global economies, the UK must act decisively or risk falling behind forward-thinking jurisdictions such as the US, Singapore, and the UAE.

While recent developments from the Financial Conduct Authority (FCA) – including the publication of a crypto roadmap and the UK Treasury preparing draft legislation to provide clarity on qualifying crypto assets, including stablecoins, which will fall under the remit of the Financial Services and Markets Act 2000 –  indicate progress, the pace of change remains too slow.

The UK has a golden opportunity to define a forward-looking, globally competitive framework for digital assets, but this demands bold leadership, joined-up policymaking, and a clear national strategy that puts emerging technologies at the centre of economic growth. In a joint letter to government, Matt Green, Head of Blockchain and Digital Assets and Technology Disputes at Lawrence Stephens, together with leading industry bodies, outlined a series of proposals to help the UK realise this potential. The article below explores their key recommendations in more detail.

Laying the groundwork for growth

According to the FCA, around 12% of UK adults, approximately seven million people, now own digital assets. Despite this, only 8% of global venture capital funding in the space went to UK-based firms in the past year. The US, by comparison, attracted a staggering 76%. If the UK is serious about becoming a leading force in the digital economy, it must close this investment gap with urgency.

At present, a fragmented approach to digital asset regulation is inhibiting progress. A new wave of global strategies led by national governments eager to capture the economic benefits of blockchain and Web3 is leaving the UK at risk of playing catch-up. From Dubai to Washington, governments are launching clear action plans, appointing envoys, and rolling out incentive programs to attract high-potential digital firms.

A clear path to digital leadership

That’s why a coalition of leading trade bodies, including the UK Cryptoasset Business Council, Global Digital Finance, The Payments Association, techUK and Lawrence Stephens has come together to call on the Government to implement a clear digital asset strategy. Representing both pioneering start-ups and established multinational firms, we believe the UK can and should be at the forefront of responsible innovation.

There are four key steps the UK can take to realise this ambition:

1. Appoint a blockchain special envoy

Just as the US government has appointed a high-profile blockchain envoy to spearhead policy alignment and investment attraction, so too must the UK. A dedicated envoy would serve as a strategic bridge between government, regulators, and industry, driving consistency, championing innovation, and positioning the UK as a premier destination for blockchain-related investment. The envoy would also play a crucial global role, representing the UK on the international stage and securing collaboration opportunities with leading digital nations.

2. Launch a government-led Digital Asset Action Plan

Like the coordinated approach seen in artificial intelligence, the UK should implement a comprehensive strategy for digital assets and blockchain technology. This could include a white-glove concierge service to support scale-ups, integration of blockchain into public services, and the development of a globally competitive tax and investment landscape. Targeted incentives would enable the UK to attract and retain the world’s most promising digital firms, ensuring job creation and long-term economic benefit.

3. Recognise the convergence of emerging technologies

Emerging technologies rarely operate in silos. Blockchain, quantum computing, and AI are increasingly interdependent, and together they promise to redefine industries from finance and defence to supply chains and public healthcare. For example, blockchain can add transparency and trust to AI systems, while AI can optimise blockchain functionality. These technologies working in harmony offer the potential to deliver transformative public services, from decentralised property registries to secure NHS data transfers. The UK must actively foster collaboration across these disciplines to maximise impact and support innovation at scale.

4. Create an industry-government engagement forum

Effective policymaking must be informed by those at the forefront of innovation. To that end, we propose the creation of a high-level industry-government-regulator taskforce, designed to ensure close collaboration and continuous dialogue across sectors. This would enable agile policymaking that reflects the rapidly evolving nature of digital technologies and ensures the UK remains ahead of the curve.

Unlocking long-term economic value

The potential economic impact of digital assets and blockchain is immense. A recent PwC report projects that blockchain could add £57 billion to the UK economy over the next decade. Globally, it could boost GDP by £1.39 trillion by 2030. Sectors like logistics, finance, health, and public services stand to gain the most, particularly through improved transparency, faster data transfers, and streamlined transactions.

Meanwhile, the UK’s legal infrastructure is increasingly ready to support these developments. The Law Commission’s recent endorsement of a new ‘third category’ of property to account for digital assets is a significant step forward, strengthening the legal foundation for cryptoassets, tokenised securities, and carbon credits. In doing so, the UK is proving it has both the legal and technological credibility to lead on digital assets.

Now is the time to act

The UK’s digital asset economy is already the largest in Europe, with £172 billion in on-chain transactions last year. Yet without bold, strategic intervention, we risk being eclipsed by more proactive nations. As innovation accelerates and geopolitical dynamics shift, the UK must seize its moment.

With the right leadership, a coherent regulatory environment, and an ambitious vision for innovation, we believe the UK can cement its status as a global hub for digital assets and blockchain technology.

Now is the time to move from ambition to action.

If you have queries on the above, please contact Matt Green

Read the other articles in this edition here : The Fineprint – Edition 1 – July 2025 – Lawrence Stephens

How to protect your crypto assets

Posted on: May 30th, 2025 by Natasha Cox

Director and Head of Blockchain and Digital Assets, Matt Green, comments on the recent series of attempted kidnappings of crypto entrepreneurs and discusses how to best protect assets stored on the blockchain, in The Next Web.

Matt’s comments were published in The Next Web, 29 May 2025, and can be found here.

“Despite the industry pining for decentralisation, much of the data points towards identifiable individuals with either massive wealth or access to third parties’ wealth. Simple blockchain analytics openly identifies addresses holding fortunes, and once those addresses are associated with named individuals (data triaging and clustering can unmask a pseudonymised  address), then criminals can see very clearly that a person holds significant wealth. Imagine your bank balances are posted online and through analysing open source data, the world can see it’s your account.

“In terms of crypto holders, the only thing stopping criminals gaining access is human error or force so kidnapping aims to break down the integrity of that human led security.

“The nature of blockchains means balances and addresses are public. In the same way van stickers read “no tools are kept in this vehicle”, it might be worth making a conscious effort to show a single person under duress is incapable of giving access to crypto holdings. Having clear statements about Multi-Sigs (Multi-Signature wallets) would likely deter kidnappers, who would have to pursue multiple individuals to make gains.”  

To out more about our work on blockchain, crypto and digital assets, please click here

Matt Green co-authors article on crypto-asset recovery for Oxford Law Pro’s Expert Essentials, Oxford University Press

Posted on: May 28th, 2025 by Natasha Cox

Writing for peer reviewed Oxford Law Pro’s Expert Essentials, Head of Blockchain and Digital Assets Matt Green and Outer Temple Chambers’ barrister Henry Reid provide a practical guide on the recovery of misappropriated crypto-assets.

Matt and Henry’s article was published in Oxford Law Pro, 14 May 2025, and can be found here.

Following the $1m loss of the stablecoin Tether, Matt and Henry explore the practical issues of asset recovery – including the use of blockchain analytics reports, dealing with crypto exchanges and pursuing persons unknown – as well as the legal considerations.

The article begins by discussing an example of a scam in which the claimants transfer one million Tether to persons unknown, considering the movement of these assets across the blockchain and their subsequent deposit at crypto exchanges. 

Matt and Henry then analyse the viability of potential legal proceedings, discussing potential routes to recover the misappropriated assets, and outline how to approach cryptocurrency exchanges at a pre-action stage.

Their article concludes with a narrative on preparing an ex parte application against these persons unknown, as well as seeking a worldwide freezing injunction to prevent the dissipation of the stolen crypto and seeking disclosure from the crypto exchanges to identify customers who have received the traceable proceeds.

Dominic Holden discusses proposed ransomware ban in Law 360

Posted on: May 23rd, 2025 by Natasha Cox

Director Dominic Holden discusses the UK government’s proposals for a ransomware ban in Law 360.

Dominic’s article was published in Law 360, 22 May 2025, and can be found here. 

Ransomware ban move could push hackers to private sector

The government’s bid to crack down on ransomware payments could heap pressure on companies in crisis without any guarantee that it will pull the plug on the billion-pound cybercrime industry, lawyers say.

Proposals by the Home Office to ban public entities from making ransom payments and to require other bodies to consult with the authorities before they consider sending money to their attackers are intended to undermine the ransomware business model by making the U.K. a less profitable target.

But lawyers warn that the proposals, set out in a wide-ranging government consultation, appear to underestimate the opponents.

“Deceptively simple and undoubtedly well-intentioned, the proposal borders on the naive,” Julian Hayes, a partner at BCL Solicitors LLP said. “Even if it worked, it would simply drive ransomware attackers to softer targets.”

Ransomware pulled in more than £1 billion ($1.3 billion) from victims worldwide in 2023, according to the Home Office. It has become a lucrative source of cash for cybercriminals and state-sponsored actors able to infiltrate businesses and government agencies and take control of their networks and data.

Law enforcement agencies and the government see it as the biggest cyber risk facing businesses in Britain. But it is also perceived as a direct threat to national security because of the ability of criminals to shut down hospitals, energy suppliers and grocery chains.

The National Cyber Security Centre helped to manage 317 ransomware incidents in the 12 months to August 2024. They included 13 separate attacks deemed to be “nationally significant” that “posed serious harm to essential services or the wider economy.”

They include Russian hackers who stole private medical data in June 2024 in a ransomware attack on a medical testing company, Synnovis Services LLP, that disrupted London hospitals. And hackers demanded £600,000 from the British Library to prevent publication of stolen files, a demand it refused to pay, in October 2023.

What to do about the problem divides opinion. Some experts say that paying the ransom puts money in the pockets of organized crime, terrorists and sanctioned individuals — with no guarantee that the stolen data will be returned or services resumed. Paying helps to create a business model, encouraging more attacks.

Many organizations targeted do not pay. Most victims interviewed by the National Crime Agency said they did not want to reward their attackers.

But principles come at a cost.

Marks & Spencer the grocery and clothing chain, continues to lose money following a recent ransomware attack that has disrupted service and will cost it an estimated £300 million. And the Legal Aid Agency, which revealed in May that data dating back to 2010 had been stolen, warned anyone who had applied for legal support in criminal cases that they face the risk of being scammed.

But some companies see no other option. LockBit hackers hit Allen & Overy with a ransomware attack in 2023, but later retracted its threat to release the stolen data. Cyber-experts have interpreted this as a sign that A&O paid out to avoid sensitive client information from being released, although the firm never publicly commented.

Against this backdrop, the Home Office said in March that it was consulting on a range of proposals. They include a limited ban on publicly owned bodies and operators of critical national infrastructure making payments, mandatory reporting of all ransomware attacks by companies that meet thresholds and even approval by the government before they make any payment.

But lawyers warn that the proposals are risky. Payments are already widely viewed as the last resort, a drastic step for companies to take only when backup files restoring their operations fail or there is a risk that the stolen data is not encrypted.

James Longster, a partner in the technology and commercial transactions practice at Travers Smith LLP, said that private sector clients, particularly financial services firms, are concerned that putting restrictions on public-sector targets will simply push criminals to intensify their attacks on them.

“There isn’t a magic answer,” Longster said. “People want to do something because it’s a problem. It’s hard to work out exactly what that is.”

There was also doubt among observers about how the proposals would work in practice. When would companies, trying to get to grips with resuming service, be required to notify the government of the attack? How would a ban, if it was extended to the private sector, affect global companies in countries where there was no bar to payment?

The government has already introduced compulsory reporting of cyberattacks in the Cyber Security and Resilience Bill, which is making its way through Parliament. Victims would be required to report an incident only once. But lawyers say a lack of detail means it is unclear how the proposals would sit alongside existing notification requirements, potentially delaying payment during talks with authorities — and prolonging the disruption.

Business leaders fear the proposals might also lead to expensive red tape when they are already under pressure. Companies already face a race against the clock to disclose cyberattacks to their regulator, the Information Commissioner’s Office — and, potentially, to individuals if personal data was stolen.

Longster predicted that the ban on public sector bodies making payments might not make it into legislation if there was resistance during the consultation. But he said that the reporting obligations to the central government “could meaningfully turn the dial” by equipping law enforcement agencies with the best information possible.

Another proposal would require businesses to gain government clearance to ensure that money would not go to sanctioned individuals or terrorists. Christopher Whitehouse of Reynolds Porter Chamberlain LLP said that limited legislation introducing a reporting requirement – but not going as far as an outright ban – would be a good compromise.

“Save for those extreme cases, if there’s something companies could do to survive, but aren’t allowed, it’s going to be a tough sell,” Whitehouse said.

Britain would become one of few Western governments to introduce the ban – perhaps the only one – if it did so. Many countries have pledged not to pay ransomware, but none have actually made it illegal, even if it involves paying a sanctioned entity.

Some U.S. states have passed legislation banning public authorities from paying ransoms, but experts have warned that the results have been mixed.

Hayes of BCL Solicitors also said that the potential ban on government agencies making payments overlooks the fact that hackers, particularly those backed by hostile governments, are often more interested in causing chaos than making money.

Outlawing ransomware payments “risks making hostages of us all,” Hayes said.

“Such sophisticated threat actors are highly unlikely to surrender without a struggle,” Hayes continued. “Far from being deterred, such groups are more likely to fight tenaciously to protect their lucrative business models, with ‘big game’ ransomware groups intentionally targeting the U.K. essential services on which we all rely, both to break the government’s will and serve as a warning to like-minded countries not to follow suit.”

Some lawyers advocate for a more aggressive policy to help ensure that does not happen.

Dominic Holden of Lawrence Stephens said that hackers would look abroad if it was illegal for public and private sector entities to pay out.

Support for small and midsized businesses in the form of tax breaks or subsidized insurance premiums would also mean that the incentives to target the U.K. would vanish, Holden said.

“If the government is going to do this, I don’t think they should do it in half measures,” Holden said. “If you’re going to eradicate the problem, and disincentivize the hackers so they go overseas in jurisdictions where they can be paid, then grasp the nettle and ban all payments.”

Mark Jones, a partner at Paynes Hicks Beach LLP, said there were also concerns that the mandatory reporting requirement could then trigger regulatory scrutiny. The government would have to assure companies that the information would remain confidential if it wants to win support for legislation, Jones said.

“I would also hope to see measures to support those who are victims of ransomware, rather than simply add to the stress of the situation,” Jones added.

For more information on our cryptoassets expertise, please click here.