According to a complaint filed in a Florida court, a Cryptsy account holder is claiming that Project Investors, Inc. (dba Cryptsy) and its founder and CEO should be held liable for Bitcoin allegedly stolen from his Cryptsy account. The account holder claims that the approximately 140 Bitcoin he had in his Cryptsy account in December 2013 “was mysteriously drained” over an 18-minute period on January 26, 2014 through a series of unauthorized trades. The account holder alleges that he reported the theft to Cryptsy the next day but Cryptsy did nothing to recover or restore his Bitcoin. He also claims that Cryptsy was aware of a breach of its security protocol on or before December 2013 and that it was that breach which allowed the theft of his Bitcoin to occur.

The account holder has asserted several claims under Florida statutory and common law against Cryptsy and its founder (who is being sued as an alter-ego of Cryptsy): Florida’s Deceptive and Unfair Trade and Practices Act, common law fraud, Florida’s Civil Theft Statute, and Florida’s Securities and Investor Protection Act. In addition to recovering the value of his stolen Bitcoin (which he alleges has a present-day value of $60,000), he is seeking treble damages (triple the value of his loss), which he would be awarded if he proves a violation of Florida’s Civil Theft Statute. Underlying his claims under Florida law are factual allegations that Cryptsy failed to inform him that his Bitcoin would be held in an alleged “pooled wallet” under Cryptsy’s control (as opposed to a unique, individual wallet that he controlled), that his account was not secure and free from security breaches, and that Cryptsy’s computer systems had development issues due to an alleged lack of experience in coding and debugging, among other allegations.

Although this lawsuit has been filed by only one Cryptsy account holder and for a relatively modest sum of money, it is possible that this may encourage other account holders to file lawsuits if they suffered similar harm.

What is important about this case is the interest the Plaintiffs’ Bar is showing in Bitcoin related companies. This Bar has proven itself time and again to be very resourceful and opportunistic where they think there are viable theories of recovery under state or federal law that would support litigation. The flurry of private suits against the likes of Trendon Shavers and Butterfly Labs illustrate this point. Such actions also can focus regulators, both state and federal, on situations in which they may subsequently feel compelled to take their own action.

Ultimately, these types of cases raise the risks for exchanges and other businesses vulnerable to the type of claims alleged in the Cryptsy case. They put a premium on the need for having appropriately designed and implemented data security programs and loss prevention and mitigation strategies.