UK court: Wife used CCTV to steal $176M crypto

A UK High Court claim has put a very 2026 twist on an old problem: someone allegedly nicked the seed phrase. This time, the claimant says his estranged wife used home CCTV footage to capture wallet credentials and walk off with 2,323 Bitcoin$62,588.20, roughly $176 million at recent prices.

The case, aired in a judgment filed last Tuesday (March 10), is a reminder that "cold storage" only stays cold if your real world security is not a bit dodgy. ^[1]

Bitcoin Options Crowd Into March 27 Expiry as $75K Calls Build a Gamma Wall

Enjoy articles without ads?

What the court heard

According to the judgment, Ping Fai Yuen alleges his estranged wife, Fun Yung Li, stole 2,323 Bitcoin$62,588.20 from a Trezor hardware wallet in 2023. The core accusation is painfully simple: Yuen claims Li used a security camera inside the home to record his seed phrase and access codes, then later used that information to access the wallet and transfer the coins.

Justice Cotter, in written reasons, indicated the claimant has a high chance of succeeding on the evidence currently available and suggested the dispute should head to an early trial. That is a meaningful signal at this stage, not a final verdict, but it suggests the court sees the claim as more than speculative.

The alleged haul size matters. At today's spot levels, with Bitcoin$62,588.20 trading around $74,000 to $75,000, 2,323 Bitcoin comes out near the reported $176 million mark (prices move, but the order of magnitude is clear). If the coins were moved in 2023, the fiat equivalent at the time could have been materially different, which is exactly why these cases tend to focus on the asset itself, not just a headline dollar figure.

France $1M Bitcoin Robbery: Knife-Wielding 'Fake Cops' Force Couple to Hand Over Crypto

The uncomfortable bit: CCTV can defeat a hardware wallet

Hardware wallets are designed to keep private keys off internet connected devices. They are not designed to stop a camera. ^[2]

Most Trezor setups rely on a BIP39 seed phrase, typically 12 or 24 words, which can recreate the wallet on any compatible device. If someone obtains that seed, plus any additional passphrase if one is used, they do not need to "hack" anything. They can simply restore the wallet and sign transactions like the owner. ^[2]

That is what makes the CCTV allegation so plausible as a threat model. A fixed camera pointed at the wrong place can capture:

A seed phrase written on paper during setup
A "temporary" note with words or PIN hints
The owner entering passphrases or recovery words
The physical location of backups (drawers, safes, binders)

Crypto security culture talks a lot about phishing links and SIM swaps. This case, if proven, is more mundane: the attacker allegedly had physical proximity, time, and a recording device. That combination is brutally effective.

Where the on-chain evidence should show up (and where it might not)

For a claim of this size, the on-chain trail is usually the part that either tightens the noose or unravels the story.

A few realities worth spelling out:

Bitcoin is transparent, but attribution is not. Without confirmed wallet addresses in the public record, outside analysts cannot reliably trace the funds. Court filings sometimes include addresses under confidentiality, especially if there is an active effort to freeze assets.
A thief does not need a centralised exchange (CEX). Coins can be split across hundreds of UTXOs, moved through peeling chains, or routed into services designed to break heuristics.
CEX off ramps remain a choke point. If any chunk touched a regulated exchange, disclosure orders can force identification, KYC records, IP logs, and withdrawal destinations. That is often where civil claims start to look winnable.

What makes this case unusual is the alleged method of compromise. If the court accepts that the seed phrase was captured and used, then the remaining questions become very practical: when did the transfers occur, where did the Bitcoin go, and who ultimately benefited.

Why UK courts are becoming a proper venue for crypto disputes

The UK has built a growing body of case law treating cryptoassets as property, enabling tools that matter in theft and fraud scenarios, including:

Freezing injunctions to stop dissipation of assets (where identifiable)
Disclosure orders against exchanges and intermediaries
Proprietary claims that argue specific assets, not just damages, belong to the claimant

Justice Cotter's indication that the claimant has a strong chance of success hints the court may already be satisfied that there is a coherent evidential narrative, at least enough to justify expedited handling.

Still, civil success is not the same as instant recovery. Even if the claimant wins, enforcement depends on tracing assets to reachable venues, or proving the defendant controls wallets holding the Bitcoin (or proceeds).

US, UK and Canada Kick Off Trilateral Operation to Disrupt Crypto Fraud Rings

This is what "operational security" actually means

People love to say "not your keys, not your coins." Fine. But the grown up version is: not your operational security, not your coins.

If your seed phrase can be seen, recorded, or found, you are effectively running a hot wallet with extra steps. The minimum discipline, especially for high net worth holders, looks like this:

No cameras in rooms where seeds are generated or stored. That includes smart doorbells with interior sightlines, baby monitors, and old CCTV kits that sync to cloud accounts.
Use an additional passphrase (sometimes called a 25th word) that is never written down with the seed. A seed phrase filmed on CCTV is far less useful if the passphrase is not captured.
Treat seed generation like a one time ceremony. No phones, no laptops, no guests, no "I will just jot it here for a sec."
Consider multisig for serious size. A single seed is a single point of failure. Multisig moves the problem from "one secret" to "several secrets stored separately."

None of this is glamorous, but neither is explaining to a judge how your life savings were sitting one camera angle away from being drained. ^[1]

What happens next

An early trial recommendation usually means the court wants the factual issues tested quickly. Expect the key battlegrounds to be:

Whether CCTV footage existed and what it captured
Who had access to the recordings and accounts
Timing analysis: marital separation timeline vs transfer dates
Device and login artefacts (phones, cloud backups, email access)
Whether any transfers can be tied to accounts controlled by the defendant

If specific wallet addresses are produced in proceedings, the on-chain element could become far more concrete, especially if funds passed through identifiable clusters or exchanges.

Risk box: what would invalidate the claim

This case turns on evidence, not vibes. The narrative weakens fast if any of the following becomes credible:

Consent or shared control: proof the wallet was jointly managed, or that the claimant authorised transfers
No clear linkage between alleged CCTV capture and subsequent transactions
Inability to trace the 2,323 Bitcoin to the defendant or destinations under her control
Alternative access paths: others with seed access, compromised backups, or earlier leaks that explain the drain without the CCTV theory

For now, the court appears persuaded there is something substantial to answer. For everyone else holding size on a single seed: if a camera can see your recovery words, you do not have a custody setup, you have a countdown.

UK Court Hears Claim Wife Used Home CCTV to Drain $176M in Crypto From Husband

What the court heard

The uncomfortable bit: CCTV can defeat a hardware wallet

Where the on-chain evidence should show up (and where it might not)

Why UK courts are becoming a proper venue for crypto disputes

This is what "operational security" actually means

What happens next

Risk box: what would invalidate the claim

People Referenced

Tags

Be part of the conversation!

Article Reader Review