EddieJayonCrypto

 29 Jul 25

tl;dr

A German appeals court ruled that using known wallet passwords to transfer cryptocurrency without authorization may not violate criminal law. The case involved a defendant who exploited a retained 24-word recovery phrase to transfer €2.5 million in tokens without permission. The court decided this d...

A recent ruling by a German appeals court has sparked controversy by determining that using known wallet passwords to transfer cryptocurrency without authorization may not breach criminal law. This decision has ignited criticism from both legal experts and the crypto community, who fear it reveals a troubling loophole in existing regulations.

The case involved a man who assisted a complainant in setting up a crypto wallet containing €2.5 million worth of tokens. The defendant created the wallet and retained the 24-word recovery phrase, which the victim failed to change. Subsequently, the defendant exploited this knowledge to transfer and potentially steal all the coins without permission, also providing false statements about the incident.

The Higher Regional Court of Braunschweig ruled that since the defendant used passwords he had legitimately set and retained, this did not constitute hacking. By this logic, the act failed to meet Germany’s Criminal Code criteria of “overcoming a special access security.” Additionally, the court dismissed claims of computer fraud and data tampering, emphasizing that blockchain technology verifies only valid cryptographic signatures, not user intent or permission.

Effectively, this judgment removes criminal liability for transferring assets using known credentials, even if obtained improperly, under current German law. It shines a light on the legal system’s struggle to reconcile traditional theft concepts with the decentralized, cryptographic nature of blockchain assets. While the ruling acknowledges potential civil breaches, such as contract violations or broken trust, these do not inherently translate to criminal offenses.

Importantly, the court distinguished this scenario from cases involving fraudulent or hacked credentials, which could still invoke criminal charges. This judgment specifically pertains to non-technical access using pre-existing passwords or recovery phrases. For now, it exposes a significant legal grey area that German legislators have yet to address, raising critical questions about the future regulation of cryptocurrency ownership and security.

Disclaimer

The opinions expressed by the writers at Grow My Bag are their own and do not reflect the official stance of Grow My Bag. The content provided on our site is not intended as investment advice, and Grow My Bag is not an investment advisor. We do not endorse buying or selling any cryptocurrencies or digital assets mentioned in our articles. High-risk investments in Bitcoin, cryptocurrencies, and digital assets require thorough due diligence, and all transfers and trades made are at your own risk. Grow My Bag is not responsible for any potential losses and participates in affiliate marketing.
 1 Aug 25
 1 Aug 25
 1 Aug 25