In a decision dated September 18, 2024 (case number 1 Ws 185/24), the Higher Regional Court of Braunschweig ruled that the unauthorized transfer of cryptocurrencies by a trusted person who already knows the private key is not punishable under current criminal law as theft (§ 242 of the German Criminal Code), unauthorized access to data (§ 202a of the German Criminal Code), computer fraud (§ 263a of the German Criminal Code), or data manipulation (§ 303a of the German Criminal Code). This decision highlights a clear loophole in German criminal law regarding the handling of digital assets.

What was decided — the key facts

  • Court: Higher Regional Court of Braunschweig
  • File number: 1 Ws 185/24
  • Date of the decision: September 18, 2024
  • Publication in widespread media coverage: from July 11, 2025 (first reported by Heise)
  • Type of procedure: Appeal proceedings against the lifting of an asset seizure
  • Lower court: Göttingen Regional Court
  • Result: The lifting of the asset seizure by the Göttingen Regional Court was confirmed — no sufficient initial suspicion for any of the investigated offenses.

The case in brief

The underlying issue did not concern Bitcoin in the strict sense, but rather so-called „A-Coins“ with a total value of approximately 2.5 million euros. The victim was the initiator of a crypto project. The accused was a IT-savvy trusted person, whom the victim had assisted in setting up a wallet. In the course of this assistance, the accused received the 24 word recovery phrase (seed phrase) the wallet — that is, full access.

After the project was launched and the wallet held tokens worth approximately €2.5 million, the accused transferred these tokens without authorization to his own wallets. The victim filed a criminal complaint; the public prosecutor's office found grounds for data espionage (Section 202a of the German Criminal Code), computer fraud (Section 263a of the German Criminal Code), and data manipulation (Section 303a of the German Criminal Code) and requested an indictment. Asset seizure amounting to approximately 2.5 million euros to secure a subsequent confiscation of value.

The Göttingen Regional Court lifted the arrest warrant following an appeal by the accused. The public prosecutor's office appealed this decision to the Braunschweig Higher Regional Court — and lost.

The legal argument of the Higher Regional Court

The Higher Regional Court examined all potentially applicable offenses individually and ultimately rejected them. Remarkably, Section 242 of the German Criminal Code (theft), which is often highlighted in the media debate, is legally only one of several stumbling blocks—and not even the decisive one.

Section 202a of the German Criminal Code (spying on data) — the central sticking point. The standard requires that the perpetrator trade data against a special access control overcomes. Such a safeguard was objectively present with the 24-word recovery phrase. However, the Higher Regional Court denied this. „"Overcome"“The accused did not bypass the security system, but rather the password. already known and simply used in the intended manner. Whoever opens a door with the key given to him does not "overcome" the lock.

Section 263a of the German Criminal Code (Computer Fraud). The Higher Regional Court also found that the elements of the offense were not met. The transfer of the tokens was a automatically triggered blockchain transaction based on a correctly executed wallet command — no „incorrect design of the program“ or „use of incorrect data“ within the meaning of the offense.

Section 303a of the German Criminal Code (Data Alteration). No luck here either: Simply initiating a regular transaction does not tamper with existing data; the blockchain entry is made in accordance with the rules by the network itself.

Section 242 of the German Criminal Code (theft). Here, the Higher Regional Court follows the prevailing opinion: cryptocurrencies are not "things" within the meaning of Section 242 of the German Criminal Code (StGB) because they lack physical existence. An analogous application is prohibited by the principle of legal certainty in criminal law (Article 103, Paragraph 2 of the German Basic Law). This classification is not new in principle—it has been advocated in legal literature for years.

The Higher Regional Court therefore definitively lifted the asset seizure order due to a lack of sufficient initial suspicion.

What the decision does not mean

The headline "Bitcoin theft goes unpunished in Germany" is an oversimplification. Three clarifications:

  • The decision assesses a specific situation: A trusted person who receives the seed phrase voluntarily given was and that access was misused. Anyone who gains access to someone else's wallet violently, through phishing, hacking or malware The offense of obtaining the password falls under other offenses — Section 202a of the German Criminal Code (StGB) does indeed apply there, because the password was not known.
  • Civil law Claims for restitution and damages against the trusted person still exist — the criminal law question is different from the question of recovery.
  • Forensic The process remains fully traceable. The coins are held at one address, the transfer is documented on-chain, and the subsequent cash-out movement can be tracked.

Reactions and criticism

The decision has been met with controversy in legal circles. Some commentators view the decision as consistent and in accordance with the rule of law—it does not demonstrate a weakness in the judiciary, but rather a Protection gap in substantive criminal law, which the legislature is tasked with closing. Other commentaries consider the interpretation of Section 202a of the German Criminal Code too narrow and see room for a less favorable interpretation for the perpetrator. A final ruling by the Federal Court of Justice (BGH) is still pending.

Politically, the case has prompted calls for a Reform of cybercrime law intensified. Proposals range from expanding the definition of the offense to creating a separate offense for unauthorized disposal of digital assets, to amending Sections 202a and 263a of the German Criminal Code.

What the decision specifically means for victims

Three points are practically important if you experience a similar incident yourself:

1. Filing a criminal complaint remains advisable. Even though the specific circumstances of the Braunschweig case are not a criminal offense in Germany, most real-life cases don't unfold that way. Phishing, account takeover, theft via malware, extortion—all these scenarios are punishable under current criminal law. Our guide explains how to properly file a report. Report crypto fraud.

2. Civil law and forensics run in parallel. Anyone who has lost coins through a trusted person can take civil action against them even without criminal proceedings—claiming restitution, unjust enrichment, or damages. The basis for this is forensic law. Blockchain analysis and the Localization of the coins, which proves where the funds went.

3. Act quickly before coins are laundered. A forensic initial assessment of a Wallet check It clarifies within a few days whether the funds are still available. In the case of stablecoins, a freeze on Tether or Circle can occur simultaneously.

For more on the fundamental question of whether stolen coins are legally lost, read our article. Crypto fraud: Are stolen coins legally lost?.

International classification

Other legal systems treat the process somewhat differently. In the US, cryptocurrencies are recognized as "property" in several states and at the federal level, meaning that classic theft offenses apply. In the UK, the High Court has explicitly classified crypto assets as "property." However, both legal systems also have other criminal procedural structures—a direct transfer is not straightforward. In German-speaking countries, the narrow interpretation of the concept of property, as confirmed by the Higher Regional Court of Braunschweig, prevails. A ruling by the Federal Court of Justice (BGH) providing fundamental clarification is still pending.

Conclusion

Decision 1 Ws 185/24 has No legal immunity for crypto theft He created a loophole that objectively exists in German criminal law: Someone who is voluntarily given a private key and then misuses it does not clearly fall under any of the existing offenses. For forensic and civil prosecution, nothing changes. For political pressure for reform, much changes.

FAQ – Frequently Asked Questions about the Higher Regional Court of Braunschweig Decision

Does this decision mean that cryptocurrency theft is not a crime in Germany?

No. The ruling addresses a very specific situation: a trusted person to whom the seed phrase was voluntarily disclosed. Classic offenses—phishing, hacking, malware, extortion—are covered by current criminal law because they may meet the requirements of Section 202a of the German Criminal Code (overcoming special access security) or Section 263a of the German Criminal Code.

Why does Section 202a of the German Criminal Code not apply?

Because the element of the offense "overcoming a special access control" requires that the perpetrator actually circumvents the security measure. The accused knew the 24-word recovery phrase and simply used it as intended. A known key inserted into the lock as intended does not constitute "overcoming.".

Are cryptocurrencies really not "things" within the meaning of Section 242 of the German Criminal Code?

Yes. The prevailing opinion in German legal scholarship views crypto assets as digital data values without physical existence. An analogous application of the theft statute is prohibited by the principle of legal certainty in criminal law (Article 103, Paragraph 2 of the German Basic Law). This classification is not new—what is new is that a Higher Regional Court has explicitly applied it to a crypto-related case.

Can the injured party take civil action against the trusted person?

Yes. The criminal assessment does not fundamentally change civil claims—restitution, unjust enrichment, damages. Proving the case through forensic evidence is usually quite feasible because all transactions are documented on-chain.

What legal remedies are available against the Higher Regional Court's decision?

In appeal proceedings against an asset freeze, the Higher Regional Court's decision is generally the final instance; a further appeal is not admissible. A fundamental clarification of the legal issues by the Federal Court of Justice is still pending and will likely only occur in a different procedural context—for example, in a main proceeding with a conviction and subsequent appeal on points of law.

What should I do if I have lost coins through someone I trust?

Immediately secure all evidence—wallet addresses, transaction IDs, communication histories, and documents relating to the seed phrase. Commission an initial forensic assessment through a... Wallet check. File a criminal complaint (even if the specific incident falls under the Braunschweig case – the complaint remains relevant for civil proceedings and for other potential offenses). Prepare civil legal action in parallel.