On July 5, 2017, five individuals filed a putative class action against Payward, Inc. d/b/a Kraken alleging violations of state law after a flash crash in May.

Launched in 2013, Kraken is the largest Bitcoin exchange in euro volume and liquidity, and was the first Bitcoin exchange to have trading price and volume on the Bloomberg Terminal. In May 2017, a large sell order for the cryptocurrency, Ether, was placed and, simultaneously, Kraken experienced a distributed denial of service (DDoS) attack for approximately one hour, which caused Kraken’s website to crash. During the DDoS attack, users were unable to access Kraken’s website to manage their investments following the selloff, and customers’ accounts on the margin were liquidated at Kraken’s discretion.

Following the flash crash, plaintiffs filed suit seeking to recover over $5 million lost as a result of Kraken’s alleged actions and omissions. Plaintiffs claim that if Kraken’s exchange had functioned properly during the crash, customers would have been able to manage their accounts and avoid liquidation. Alternatively, plaintiffs allege that Kraken could have suspended trading during the lockout. According to the complaint, plaintiffs held margin accounts, and Kraken liquidated approximately $329,000 among the five plaintiffs. Plaintiffs’ three-count complaint alleges causes of action for negligence, breach of contract, and unjust enrichment.

This case raises questions as to what duties and obligations a Bitcoin exchange may have with respect to website functionality and security protocols, particularly as the industry is seeing an increase in both new users and trading. As Bitcoin trading becomes more commonplace, there will likely be an uptick in litigation of these issues.