Luno Considering Appealing Court Order After Hacked Crypto Investor Wins RM700K Lawsuit
The Sessions Court recently awarded a Malaysian businessman over RM700,000 after he won a lawsuit against crypto trading platform, Luno
The man, Yew See Tak, filed a lawsuit against Luno Malaysia Sdn Bhd for negligence after discovering alleged unauthorised transactions amounting to RM600,000 in cryptocurrencies, as reported by The Edge Malaysia.
These alleged transactions took place in March 2021.
Here's a quick breakdown of what happened:
6 March 2021: Yew's Luno account which held RM566,750.70 worth of crypto is allegedly used to purchase 2.730096 Bitcoin (BTC) in three transactions without his authorisation. The newly purchased BTC, along with an existing 0.15106083 BTC in Yew's Luno account, are then transferred into an unknown account without his consent.
7 March 2021: Yew reports the alleged unauthorised transactions to Luno's customer service. However, Luno denied that Yew made the report on this date.
8 March 2021: Luno locks Yew's account.
25 August 2021: Yew files a writ of summons against Luno Malaysia in the Sessions Court, alleging negligence on their part.
Yew acknowledged that he had lost access to his personal email account and password, and that his mobile device was "hacked"
However, he alleged to the court that Luno had failed to prevent the unauthorised transactions, causing his account to exceed the daily transaction limit.
Yew also alleged that the crypto trading platform had failed to take the necessary security measures such as alerting him about the transactions and freezing his account due to suspicious activity.
He also filed the lawsuit alleging that Luno had not only failed to detect possible money laundering activities, but also had not reported the dubious transactions to the Securities Commission Malaysia (SC).
Luno, however, argued that despite its robust security system, the responsibility ultimately belonged to Yew
In a statement to SAYS, Luno emphasised that its security features in place worked as they were designed to.
"The Luno security features in place worked as they were designed to and these transactions were only possible because an individual had access to the plaintiff's (Yew) email, password, and security details (including third-party 2-factor-authentication (2FA) codes), and was able to authorise each transaction via an SMS authorisation link sent to the plaintiff’s mobile phone," the platform stated.
Luno claims the onus was on Yew to secure his account since the alleged transactions were done through his smartphone and authorised via an SMS sent to his number.
The crypto trading platform also didn't detect any unusual sign-ins when the incident happened.
The Sessions Court ruled in favour of Yew and ordered Luno to compensate him RM697,920.05
Luno was ordered to pay Yew RM597,920.05 together with RM100,000 as exemplary damages.
Luno is now mulling to file an appeal to the High Court against the decision
In the statement, Luno said that it respects the Sessions Court's decision but is considering filing an appeal.
"Luno nonetheless fully respects the Court's decision, and will therefore not be making any further comment on the matter while it remains before the courts. We are in close contact with our external counsel in relation to an appeal against the decision," they said.
Despite the issue, Luno still has some of the most intensive security processes in crypto
According to an April 2023 ranking by CCData, Luno's security is among the best. It played a big factor in Luno's selection to become the first regulated crypto trading platform under the SC.
Luno said it will continue to remain committed to follow strict procedures to keep its customers' cryptocurrencies safe and secure.
"We do our utmost to educate customers on the importance of vigilance in managing personal data and offer a range of educational materials to help customers maintain proper password health. We also provide all customers with a number of additional security features, such as trusted device security and two-factor authentication, and we regularly encourage customers to use these additional layers of account protection."