M&A – Legal Due Diligence and Crypto Assets articles

2021 is proving to be a watershed year for cryptocurrency (and crypto assets, generally).[1]

Bitcoin, the world’s most well-known crypto asset, has experienced a staggering bull rally.  Its value has skyrocketed to record highs, at times in excess of US$60,000 per coin with a market capitalisation crossing the US$1 trillion threshold, placing it in an exclusive club with US tech giants Microsoft, Apple, Amazon and Google’s parent company, Alphabet. 

A pandemic-fuelled explosion in online commerce, global governmental regularisation, an expansionary US monetary policy, relative scarcity of supply, growing retail interest, a tidal wave of institutional interest (from major financial and corporate institutions such as BNY Mellon, Goldman Sachs, JPMorgan, Citi, Morgan Stanley, BlackRock, Mastercard, Square, MicroStrategy, Visa, PayPal and, most notably, Tesla which converted US$1.5 billion of its cash reserves into Bitcoin in January) – along with a vocal billionaire advocacy group including Elon Musk (Tesla), Jack Dorsey (Square and Twitter), Michael Saylor (MicroStrategy), Tyler and Cameron Winklevoss (Gemini, ex Facebook) and Michael Novogratz (Galaxy Investment Partners) – have all played their part in this year’s crypto asset boom.   

Crypto assets, it appears, have finally come over from the fringes and in from the cold.  The mainstream now appear to see them as a new asset class and – at least in relation to Bitcoin – as a solid balance sheet component, because of fixed supply.  Some devotees even look at Bitcoin as a viable alternative to traditional fiat currency. 

As legal advisors, we are cognisant of the expanding pervasiveness of crypto assets, throughout the global financial and commercial landscape, and the impact this has (or will soon have) on legal advice.  

In an M&A context, as legal advisors we are particularly mindful, when conducting crypto-related due diligence, to ensure clients receive the maximum level of contractual protection possible. 

This article looks at some key areas of legal due diligence on businesses that deal in, or with, crypto assets.



  • The purchaser will want clarity on the nature and extent of the target’s crypto dealings. This will help the purchaser’s legal advisors frame up a crypto issues matrix and identify key areas of risk.
  • Due diligence should include investigations into:
    • whether the target receives any crypto assets
    • the sources of crypto inflows (e.g. from customers, clients, debtors, trading activities, custodianship arrangements, coin or token offerings, crypto mining, affiliate reward programmes, interest from lending platforms such as BlockFi or Celsius, blockchain solutions such as ‘lightning networks’ or ‘masternodes’ etc)
    • where the target’s crypto assets are actually stored, proof of ownership and actual quantum stored
    • whether the crypto asset is ‘staked’ (i.e. locked in a platform to participate in maintaining the operations of a proof-of-stake (PoS) based blockchain)
    • whether the target’s customers, clients or debtors, from whom crypto assets are received, have confirmed they have sufficient understanding of the risks and implications of dealing in crypto assets
    • whether the target holds varying forms of crypto assets (e.g. NFTs or ‘non-fungible tokens’)
  • For completeness, a purchaser’s legal advisor should also ask for a blockchain history (i.e. the underlying distributed ledger technology record) of all of the target’s crypto asset inflows and outflows.

Tax liabilities

  • The investigations above may help unearth tax liabilities (e.g. income tax, resident withholding tax etc) and guide the purchaser’s tax and legal advisors in determining appropriate contractual protections.  
  • The nature of crypto assets has thrown up new legal issues regarding whether traditional tax methodology is appropriate or actually applies.  Any tax advice needs to run concurrently with legal advice on the underlying legal aspects of crypto assets. 

Regulation and Compliance


  • The target should provide evidence/comfort that it has complied with all applicable regulations in connection with its crypto asset dealings. 
  • Investigations should cover all processes, documents and legal opinions in relation to the target’s regulatory compliance.
  • Due diligence should also seek to ascertain whether any crypto-related prohibitions or sanctions apply in the target’s jurisdiction.


If the target is, itself, an issuer of crypto assets, or is making a re-offer in relation to another issuer, due diligence should include a review of:

  • documentation prepared in connection with the target’s Initial Coin Offering (‘ICO’) or Initial Token Offering (‘ITO’) (as applicable)
  • the nature and type of crypto assets issued (i.e. coin, token etc)
  • evidence of the target’s compliance and filings with, and copies of issue documents and records prepared pursuant to, the Financial Markets Conduct Act 2013 (‘FMCA’) and its Regulations
  • evidence of any internal and external approvals obtained

Financial service providers

  • Investigations should be made into whether the target’s crypto asset dealings amount to the provision of a ‘financial service’. 
  • Due diligence should include:
    • a review of the target’s compliance with the ‘fair dealing’ requirements in the FMCA
    • a review of the target’s compliance with the licensing requirements of the Financial Markets Authority (if applicable)
    • confirmation of the target’s registration on the Financial Service Providers Register
    • a review of the target’s compliance with the Financial Service Providers (Registration and Dispute Resolution) Act 2008, if services are offered to retail clients

Anti-Money Laundering

  • If the target is, itself, a crypto asset exchange, the purchaser’s legal advisors should review the target’s Anti-Money Laundering/Countering Financing of Terrorism (‘AML/CFT’) processes and procedures. 
  • A long-held regulatory concern with crypto assets is the relative anonymity they afford and the potential for them to be used as a medium of exchange for money-laundering and other criminal purposes. 
  • An analysis of the nature and extent of the target’s AML/CFT compliance is therefore critical.


  • Crypto asset regulation is evolving rapidly.
  • The purchaser’s legal advisors should also try and assess how the target’s crypto asset holdings could be impacted by a change in legislation, prior to settlement, and whether the target has prepared for those eventualities.



  • Due diligence should examine the target’s contracts which involve crypto assets.
  • The target may, for instance, be a party to a crypto asset hedging (or ‘futures’) contract, or a crypto asset ‘option’ contract, in which the target has agreed to buy or sell a specific amount of crypto assets, at a specific price, within a specific timeframe.
  • The purchaser will want a clear picture as to what rights, obligations and liabilities will apply to the purchaser under such contracts, after settlement. 


  • The purchaser’s legal advisors should investigate whether the target has used its crypto asset holdings as security for financial accommodation. 
  • The purchaser will want comfort that, at settlement, the target’s crypto asset holdings are free from any encumbrances.



  • Due diligence should clarify where the target’s crypto asset holdings are stored.  Typically, crypto assets are stored:
    • in a ‘hot’/online wallet, such as an exchange platform (e.g. Exodus) or in an online wallet (e.g. Coinbase Wallet); or
    • in a ‘cold’/offline wallet – that is, a physical coin wallet – such as those manufactured by Trezor or Nano
  • Due diligence should confirm:
    • the quantum of crypto assets stored in each repository
    • the terms and conditions applicable to storage (i.e. Are there limits/prohibitions on withdrawal?  Do transfer fees apply? etc) 


  • The purchaser’s legal advisors should advise on matters that allow the purchaser to assess the viability, trustworthiness and security of the target’s crypto asset repositories.
  • Due diligence should include investigations into:
    • the extent of factor-level authentication (if any) imposed by the wallet provider
    • whether insurance is available in the event of unauthorised access/hacking
    • whether the wallet provider itself is the subject of any historical or threatened claims, regulatory investigations or litigation
  • The underlying concern with exchange platforms is that many have failed (e.g. GBL, GEMS, Paycoin, DAO and Youbit) while others have been the subject of highly-publicised hacks (Mt. Gox, DAO, NiceHash, Youbit, Tether, Ethereum).  Each resulted in highly detrimental impacts for HODLrs. 


  • Wallet keys (i.e. passcodes) are critical.  If lost, the wallet to which they relate will remain locked and the crypto assets held in that wallet will, too, be lost.
  • Due diligence should confirm where and how the target’s private keys, secret phrases and platform passwords are maintained.
  • The purchaser will want evidence/comfort that:
    • the target has not provided copies of wallet keys to third parties (intentionally or inadvertently), including parties within the target (i.e. employees, management etc)
    • the target will relinquish, and the purchaser will obtain, all rights, title and interest in the wallet keys (wholly and unencumbered) at settlement
  • As a matter of prudence, the purchaser should, at settlement, transfer the crypto assets into a new wallet of its own choosing.

We recommend you seek specialist legal advice in relation to any M&A deal that has a crypto asset element to it.

For further assistance, please contact one of Stace Hammond’s Business Sales, Purchases & Mergers team.

The above overview has been provided for general information purposes only.  It is not an exhaustive list of all possible issues associated with legal due diligence on businesses that deal in, or with, crypto assets.  It is not intended to be treated as, legal advice and is subject to change without notice.

[1] This article references the term ‘crypto assets’ (alternative spelling, ‘cryptoassets’), in favour of the term ‘cryptocurrency’.  The term ‘crypto assets’ includes what are widely understood to be cryptocurrencies (e.g. Bitcoin) and other forms of digital assets.  Click here for further analysis by Stace Hammond of Ruscoe & Moore v Cryptopia Limited 2020 (in liquidation) [2020] NZHC 728, in which the New Zealand High Court found cryptocurrency to be ‘property’, and not ‘currency’.    

About the Authors


Get insights sent direct to your email.