Cryptocurrency/NFT Breaches

If you are a victim of a data protection failure, check out our current group actions below to see if we are running a claim related to that specific breach. You may be able to recover your stolen crypto/NFT assets with our experienced cybercrime lawyers.  

Get your money back after a crypto/NFT fraud violation

Like traditional money, cryptocurrencies can be used to buy goods and services, and they can be traded for profit. NFTs – a digital asset stored on the blockchain – are also becoming extremely sought-after, with many going for serious amounts of cash. So it is no surprise that the crypto and wider NFT market is being targeted by criminals, with the equivalent of millions of pounds being stolen each year.  

At KP Law, our cybercrime experts help to recover losses where crypto/NFT fraud can be linked to a data breach or hack. For example, if your crypto or NFT wallet was hacked, and a criminal transferred your assets to another wallet. 

With specialist crypto asset legal expertise, we investigate and pursue stolen crypto assets on the blockchain. Our cybercrime experts are experienced in tracing and recovering the proceeds of fraud across jurisdictions, including against ‘persons unknown’.  

Where necessary we will arrange freezing orders, disclosure orders, and search and seizure orders to help us track and identify misappropriated assets. We also use the appropriate orders (e.g. Norwich Pharmacal or Bankers Trust) to reveal the identity of the thief. Ultimately, we use all the available legal channels to recover the stolen assets. We can also secure emergency relief through urgent interim injunctions. 

As specialist litigation lawyers, with an enviable reputation when it comes to helping our clients resolve cybercrime disputes, we provide experienced, high-quality representation. We also have a range of funding options available, including no-win, no-fee where appropriate.  

Stolen crypto assets move quickly. So, if you have experienced Bitcoin, NFT, or another form of cryptocurrency theft following a data breach or hack, you should contact us without delay.  

KP Law is a group action law firm. With a group action claim, you and the other victims join together and fight to get compensation. Group actions can be a powerful tool and can have a bigger impact than a single claim.

If you are a victim of a data protection failure, check out our current group actions to see if we are running a claim related to that specific breach.

If you are involved in a potential group action not listed below, please contact us and tell us about it! Where enough people come forward, we may launch a new claim.

We do not take on individual cases.

Were you sold a crypto investment that turned out to be fraudulent?

If you were mis-sold a crypto investment that turned out to be fraudulent, or which was unsuitable for your needs, our Investment Fraud and Mis-selling team can help. 

*This link will take you to the KP Law Investment Fraud & Mis-selling website. 

Neil’s* GateHub cryptocurrency wallet data breach

Neil lost £220k in the GateHub data breach. The theft was made possible as GateHub’s cybersecurity was deeply flawed on multiple levels. 

Our experts pursued complex investigations into the security systems used by GateHub, and we exposed the flimsy security faced by the hackers. 

Find out what happened in this case, and how we helped Neil recover his losses and compensation from GateHub following the data hack. 

*Name changed to protect client confidentiality

What does the law say?

Historically, a largely unregulated market led to widespread crypto hacks and scams. But things are changing, and the English courts are adapting and responding to the evolving crypto asset market.  

Today, cryptocurrencies are recognised as proprietary assets, so they can be the subject of a proprietary claim. This makes it possible to recover misappropriated cryptocurrency through the proper legal channels (e.g., a proprietary injunction and/or freezing order).  In 2022, one key case* highlighted the extent to which the court is willing to support victims of cryptocurrency scams when it issued six worldwide freezing orders, interim injunctions, and disclosure orders to help recover stolen Bitcoin.  

In 2022, in a landmark ruling**, the High Court also recognised NFTs as legal property for the first time. This ruling makes it easier for NFT owners to recover any stolen assets, assuming they have the proper legal support.  

Why make a cryptocurrency breach compensation claim?

Hold organisations to account for failing to protect your private information.

Receive financial compensation for your loss.

Force organisations to implement better data security.

Getting your money back after a cryptocurrency scam

Getting your money back should following a NFT or other form of crypto hack can be challenging. But despite what many people believe, it is possible to recover from cryptocurrency crimes.  

How to get your money back following a cryptocurrency scam 

  • Ask your cryptocurrency provider to reimburse the stolen funds. 
  • If they refuse, you may be able to take your case to the Financial Ombudsman. 
  • Appoint a specialist data breach lawyer if the crime happened because the necessary security processes were not in place. 
  • Appoint a specialist data breach lawyer if another organisation breached your data and this was used against you. 
  • Appoint experienced cybercrime lawyers to trace and recover the stolen assets.  

At KP Law, our experienced team of data breach and cybercrime lawyers has everything it takes to get your money back.  


Cryptocurrency fraud, phishing, and data breaches

Cryptocurrency fraud sometimes happens after a data breach or hack. Criminals use the data exposed in breaches (often usernames and passwords) to access a person’s online accounts. This is possible as people often use the same login details for multiple accounts. Stolen data is easy to buy on the dark web, so if you are the victim of a data privacy violation, it is quite likely that different criminals could be trying to use your data against you. Scammers have turned their attention to crypto and NFTs, and they are often using stolen personal data to help them do this.  

Even those who are highly digitally aware are at risk. For example, in May 2022, digital NFT artist Beeple had their Twitter account hacked as part of a phishing scam. The hackers posted a tweet pretending to be a raffle of Beeple’s work, but a link took users to a dodgy website where Ethereum was automatically drained from their wallets. The hackers have reportedly stolen more than $70,000 in Ethereum. 


If you have been the victim of online fraud or identity theft, contact Action Fraud

Why use KP Law to make a claim?

We are one of the most experienced multi-claimant law firms in the UK.

We represent clients in group actions with innovation, resources, and expertise.

We work with expert barristers to ensure you get the very best level of legal support available.

We have all the resources and global expertise necessary to take on complicated cases and win.

We have offices in London, Liverpool, Manchester, and Birmingham, and the technology to provide a nationwide service to clients across England & Wales.

We use technology to deliver a better legal experience to our clients.

We work on a no-win, no-fee basis.

We make the process straightforward and hassle-free.

What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial loss

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.


GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.

Latest news

*SD v (1) Persons Unknown (2) Huobi Global Limited (trading as Huobi) [2022] EWHC 280 (QB) 

** Lavinia Deborah Osbourne v (1) Persons Unknown (2) Ozone Networks Inc. trading as Opensea