In May, a New York district court denied an insurer’s motion to dismiss a policyholder’s complaint in Atwal v. NortonLifeLock, Inc. In Atwal, the policyholder sought coverage for approximately $12 million (2.09 million EOS) in losses he sustained after an unknown third party stole his private keys via a fraudulent application, accessed his wallet, and drained it completely. The policyholder turned to his insurer, NortonLifelock, for coverage. So far, the court has agreed with the policyholder that there might be coverage under his Stolen Identity Event Insurance policy.
This is one of the first decisions addressing insurance coverage for digital assets and raises the following important questions:
- Is a digital asset, like EOS, a “security” under the policy definitions?
- Is a private wallet, like the policyholder’s EOS private wallet, an “account,” i.e., a U.S. regulated financial institution under the terms of the policy?
- Is the hacking of a private wallet covered under this identity theft policy?
These are hot topics in crypto law. Here, the court deferred to the SEC’s interpretation that EOS is a security, although the insurer contests that decision in the context of its policy. The court rightly held that the policyholder’s case could not be dismissed on the pleadings, leaving the ultimate decision on some of these questions open for another day. It will be interesting to see how the rapidly developing legal and regulatory landscape of crypto interacts with the well-trodden contract interpretation rules of insurance law. A decision that this identity theft policy covers digital wallet thefts could pave the way for other digital asset holders who seek coverage for similar losses.
This case also can serve as yet another reminder to be vigilant in the applications you connect to your wallet and how you store your private keys.