• Atlanta
• Boston
• Dallas
• Ft. Lauderdale
• London
• Minneapolis
• New York
• Oakland
• Philadelphia
• Washington, DC

by Megan Zeller

In an unpublished but nonetheless extremely important case, the Fifth Circuit recently found that the theft of Bitcoin does not constitute an “occurrence” because it is an intentional act. In Nationwide Mutual Ins. Co. v. Choi, appellants challenged a summary judgment motion granted by the Southern District of Texas, Houston Division, which found that an insurer had no obligation to provide coverage under a homeowner policy and personal-umbrella policy. 2024 WL 2131515 (5th Cir. May 13, 2024). The Fifth Circuit affirmed the lower court’s position.

The Fifth Circuit – as well as Texas – has long-held that in order for an act to qualify as an occurrence, there must be an accident, which is considered “a fortuitous, unexpected, and unintended event.” Lamar Homes, Inc. v Mid-Continent Cas. Co., 242 SW3d 1, 8 (Tex. 2007). As a result, the basis of any duty to defend claim rests on a complaint alleging an occurrence (or accident) that resulted in some kind of property damage or bodily injury. In this case, appellants failed to successfully show that a malware attack was an accident.

According to the underlying complaint, appellants Choi and Ng worked together in August 2020 to steal approximately 1,400 Bitcoin through a malware attack, which was worth more than $80 million at the time. The complaint alleged civil conspiracy, conversion, civil theft, and unjust enrichment. While Choi and Ng argued – rather weakly – that the malware attack resulted from alleged negligent conduct, the Southern District was not persuaded and found that a malware attack, based on the facts pled in the complaint, was not an accident. Choi and Ng also argued that unjust enrichment did not require proof of an intentional act, and therefore was an “occurrence.” Once again, the Southern District found that, based on the underlying complaint, the facts alleged showed that Choi and Ng’s unjust enrichment was motivated and planned. As a result, the Southern District granted the insurer’s summary judgment.

In a short and succinct ruling, the Fifth Circuit affirmed the Southern District’s position. The Fifth Circuit specifically rejected that a malware attack, as alleged in the underlying complaint, “should be interpreted as claiming negligence.”

Although this case is relatively straightforward, it is nonetheless highly relevant to the ever-evolving world of crypto-currency and cyber threats. Based on Choi, insurers should successfully be able to counter any duty to defend claims involving crypto-currency theft in the future. 

______________________________________

The opinions expressed are those of the authors and do not necessarily reflect the views of the firm or its clients. This article is for general information purposes and is not intended to be and should not be taken as legal advice.