Bybit CEO Ben Zhou wrote on X that a hacker "took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address."
"Control" has a specific meaning under UCC Article 12, which was ratified in 2022 and is slowly being adopted by U.S. states. It links some rights to control/possession of keys, even if a blockchain asset may have been stolen before being sold, https://www.clearygottlieb.com//news-and-insights/publicatio...
> Article 12 – dealing directly with the acquisition and disposition of interests (including security interests) in “controllable electronic records,” which would include Bitcoin, Ether, and a variety of other digital assets ... a good faith purchaser for value who obtains control (a “qualifying purchaser”) takes its interest free of conflicting property claims... Control under Article 12 is designed to be a technology-neutral functional equivalent of “possession.” It generally encompasses circumstances when a party has the “private key”
I think (I assume but could be wrong) in the average CEO X-tweet "control" likely only means 'control' nobody was reading through UCC Article 12 while drafting this message
As in: "The hacker gained access to" "The hacker took charge of" "The hacker assumed authority over"
It describes the legal status of stolen cryptocurrency changing after the first sale. This HN story is about stolen cryptocurrency. In particular:
> The wallet has sold around $200 million worth of stETH so far
If some of those sales took place within jurisdiction of a U.S. state that has ratified UCC Article 12, then the buyer of the stolen cryptocurrency is now the new legal owner.
.. “take free” regime introduced by the 2022 UCC Amendments for these assets. Under these rules, a person who acquires a CER for value, in good faith and without notice of any conflicting property claims, is deemed a “qualifying purchaser” and, as such, takes it free from any preexisting property claims.
The 2022 UCC Amendments draw heavily from the UCC Article 3 provisions for negotiable instruments, and these provisions have the effect of making CERs negotiable. It follows that if a secured creditor obtained a security interest in CER inventory and only perfected by filing, that creditor would be at risk of the debtor disposing of the collateral and transferring control to a qualifying purchaser that would take it free from any competing claim.
I think you're saying this is different to theft-of-car. A stolen car could be sold/bought a number of times, but any amount of years later the car belatedly identified as the one stolen from the rightful owner means it is returned. A fraudulently created title isn't enough to protect the bagholder from having to return the car.
It is important everyone is thinking real hard about how this is different from traditional theft: there is no way to actually prove the operators didn't just steal everything themselves vs actual real hack theft.
> Article 12 – dealing directly with the acquisition and disposition of interests (including security interests) in “controllable electronic records,” which would include Bitcoin, Ether, and a variety of other digital assets ... a good faith purchaser for value who obtains control (a “qualifying purchaser”) takes its interest free of conflicting property claims... Control under Article 12 is designed to be a technology-neutral functional equivalent of “possession.” It generally encompasses circumstances when a party has the “private key”