Securing your crypto assets: What you should know as an investor

In recent years, Estonia witnessed a remarkable boom in crypto-services providers, positioning itself as a go-to hub for cryptocurrency enthusiasts and businesses. On the one hand, businesses acquired a jurisdiction that allowed them to provide their services legally, on the other, the consumers got to send their investments to a company established in a reputable jurisdiction. 

However, this growth has been soured by a concerning surge in hacking attacks, several cases of high-profile bankruptcies and lost licenses, underscoring the urgency for investors to understand and navigate the complexities of securing their crypto assets in the current landscape. 

Reasons behind the Issues 

One of the main attractions for businesses acquiring an operating license in Estonia was its relatively relaxed licensing mechanism. Before 2022 there were no stringent requirements or supervision over providers of crypto services, leading to weak compliance. Such an environment has inevitably paved the way for bad actors to enter the market, creating a volatile ecosystem for investors. 

Nowadays, there are less than a hundred licensed providers of services operating under the Estonian license. With many procedures still ongoing, it is not certain, if all of these companies will remain operating in the years to come. 

The booming crypto market and the relaxed regulation provided little incentive for entities to invest in technology and security. This shortcoming often means that many platforms could be vulnerable to cyber threats.  

Additionally, we have seen several crypto businesses built upon the idea of perpetual growth, which has led to unrealistic business models. The lack of backup plans or substantial corporate reserves further compounds the risk. 

How the Bankruptcy Act comes into the picture   

In the unfortunate event of a crypto provider’s insolvency, the company operating it becomes subject to the regulation of the Bankruptcy Act. A bankruptcy proceeding can be initiated either by the company itself (if it identifies that it cannot fulfil its obligations) or by the creditor. A creditor, who is usually the user of the platform, can initiate the proceeding if the company is unable to satisfy their obligations.  

The petition for bankruptcy is reviewed by the court, and the interim trustee is appointed. The trustee’s primary role is to take an inventory of the debtor’s assets, evaluate the debtor’s financial situation, and report to the court. If the court finds the company insolvent, it is declared bankrupt. Following the declaration of bankruptcy, the court appoints a trustee, who takes over the debtor’s assets and administers the bankruptcy estate. It is at this point that the other creditors can submit their claims against the company.  

By law, the assets of the bankruptcy estate are sold by auction following the Code of Enforcement Procedure. With crypto web3.0 companies, this raises several challenges, which include: 

  • Access to Wallets: given the decentralized nature of the different crypto-assets, it might become impossible to gain access to them if the person with access to the wallets has gone into hiding or is simply not cooperating. In particular, smart contracts are automated agreements that run on blockchain technology and do not need any human intervention. However, this also makes it hard to change or cancel them if a company uses them for its operations.  
  • Representation of Creditors: Estonia currently lacks a comprehensive framework for class-action lawsuits, meaning that individuals with similar claims cannot jointly pursue litigation in a collective manner. This absence significantly complicates the representation of users, as each claim needs to be individually proven to the trustee and/or the court. The issue is complicated by the language of proceedings being Estonian, which might present communication barriers for international investors. 
  • Assessment of Claims: proving a client’s claim becomes another challenge. How does one demonstrate conclusively that they had a claim if they were using decentralised services? The requirement of proving the claim is made more difficult by the lack of reliable identification of the users. 
  • Valuation of Assets: there is no recognised methodology for evaluating the value of crypto-assets. The court proceedings have to be done in euros, which means that the parties can argue with each other to apply the exchange rate most favourable to them. 
  • Organisation of the Auction: organising a traditional auction for the sale of crypto-assets may be impossible in practice. The law does allow for the parties to agree to sell the assets without an auction if the sale of assets in another manner is more profitable. However, organising such a sale may be impossible for the trustee, who is usually not an expert in the field of crypto. 
  • Enforcement of Legal Judgments in Third Countries: the EU provides a relatively comprehensive framework for enforcement action between different EU states. It is, however, widespread that crypto services are spread across several non-EU jurisdictions, which necessitates recognition and enforcement of the decisions through foreign courts, which may not accept the decisions of Estonian authorities as valid. Also, even within the EU, there are significant difficulties, such as gaining access to accounts held by providers of regulated services. 
  • Lack of Precedent: given the relative novelty of the cryptocurrency industry, Estonia is still lacking legal precedents to resolve several of the issues raised above. The result is that the court proceedings in these matters are longer, more expensive and eat into the few assets left by the. 

How to reduce the risks in case of centralised service 

For those opting to use a centralized service, ensuring the service is a regulated entity is paramount. Furthermore, understanding their balance sheet, ascertaining the reliability of their business model, and their commitment to security can protect investors from potential losses. Recent regulatory changes in Estonia have been focusing on ensuring investor protection, but these changes are still ongoing. Further changes on the EU level under the Markets in Crypto-Assets Regulation (MiCA) will further increase the protection of the investors, but these changes are not set to come into effect until mid-2024 to early 2025. 

How to reduce the risks in case of decentralised service   

The decentralized model brings with it inherent risks, but there are still precautions investors can take. Ensuring the platform has robust security measures in place is essential. The terms of service, often overlooked, can play a significant role in dispute resolution and risk mitigation. 

However, one must keep in mind that while regulation can bring about a level of protection and confidence for investors, it doesn’t guarantee absolute safety. As an investor, one must always be proactive in understanding and mitigating risks. 


Securing crypto assets in Estonia, or anywhere else, requires a mix of understanding the regulatory landscape, market dynamics, and the inherent risks associated with the platforms one chooses. While the crypto world promises vast returns, it’s equally full of potential pitfalls. An informed approach, coupled with due diligence, can go a long way in ensuring a safer investment journey.  

Do you need legal help with your crypto project? Check out our legal services for crypto companies. You can also explore some of our previous work here. 

Get the latest about Hedman law firm


Our memberships:
FinanceEstonia, Lexing®,
Estonian Service Industry Association,
Estonian Chamber of Commerce and Industry,
EstVCA, EstBan, FECC,
IBA & IBA European regional Forum