Executive Summary: Key Legal and Evidentiary Issues

• Whether Mr. Bue authorized the disputed cryptocurrency transactions or was a victim of fraud involving email compromise and remote access.

• Interpretation and enforceability of the Pre-Authorized Debit (PAD) Agreement between Honeybadger and Mr. Bue, particularly regarding verification protocols.

• Determination of whether a valid contract existed for the two $100,000 purchases initiated by fraudsters.

• Consideration of whether cryptocurrency qualifies as a "good" under The Sale of Goods Act.

• Assessment of Honeybadger’s compliance with FINTRAC regulations and the “travel rule”.

• Apportionment of loss between two innocent parties based on carelessness and failure to comply with contract terms.

Background and financial fraud context

Mr. Bue, a 66-year-old retiree from Cabri, Saskatchewan, fell victim to a series of online scams beginning in 2022. Initially, he lost funds to a fraudulent entity called Main Bit Ltd. posing as a crypto investment firm. He was later contacted by parties pretending to be from the UK Ministry of Justice, a cybercrime agency named "Funds Recall," and eventually scammers claiming to be from the FBI. These fraudsters instructed him to perform “dummy transactions” to aid supposed investigations, and gained remote access to his computer via an application called AnyDesk.

In April 2023, acting on directions from the fraudsters, Mr. Bue contacted Honeybadger Enterprises Ltd., a cryptocurrency seller, and agreed to purchase cryptocurrency using a Pre-Authorized Debit (PAD) Agreement. The agreed process involved Honeybadger withdrawing funds from his account and delivering bitcoin to a wallet address provided via email. Some transactions were initiated by Mr. Bue, while others were executed by the fraudsters using his email account and access to his computer. In total, $240,000 in transactions were reversed by Mr. Bue through his bank, leading Honeybadger to obtain a preservation order over the funds.

Disputed transactions and legal claims

Honeybadger claimed breach of contract, asserting that cryptocurrency was delivered but not paid for. Mr. Bue admitted authorizing three transactions totaling $79,991.07 but denied involvement in the two $100,000 purchases, arguing they were executed by fraudsters. He counterclaimed, alleging Honeybadger failed to comply with the PAD Agreement and FINTRAC regulations, and failed in its duty of care to protect him from fraud.

Mr. Bue further invoked The Sale of Goods Act, arguing no enforceable written agreement existed. Honeybadger denied these allegations, stating the PAD Agreement allowed for authorization via email and that it followed all regulatory and contractual requirements. The company discontinued its claim against Innovation Credit Union early in the proceedings.

Enforceability of the PAD agreement

The court found that the PAD Agreement required Honeybadger to issue a password, security code, or signature equivalent to authorize withdrawals, but Honeybadger relied solely on email confirmations from Mr. Bue’s email account. While Mr. Bue’s pattern of confirming transactions via email worked initially, the court found this did not meet the requirements of the PAD Agreement. Honeybadger did not issue any form of verification, meaning the process lacked necessary safeguards and allowed unauthorized parties to withdraw funds.

No protection under The Sale of Goods Act

The court ruled that cryptocurrency does not fall under the definition of “goods” in The Sale of Goods Act, rendering Mr. Bue’s reliance on the statute ineffective. It also held that written agreements existed in the form of emails and the PAD Agreement.

Division of liability between innocent parties

The court considered whether Honeybadger or Mr. Bue should bear the loss resulting from the fraud. While Honeybadger followed an established process, it failed to meet its contractual obligation to verify withdrawals properly. Conversely, Mr. Bue allowed unknown individuals access to his computer and email, actively enabling the fraud. He was considered more than merely careless and had a pattern of being repeatedly defrauded, yet failed to inform Honeybadger of any suspicious activity.

The court drew on jurisprudence addressing liability between two innocent victims of fraud and concluded that both parties bore fault. Honeybadger’s failure to implement verification allowed the fraud to proceed, while Mr. Bue’s conduct opened the door to unauthorized access.

Outcome and apportionment of funds

Out of the $240,000 in dispute, the court ordered that $140,000 be paid to Honeybadger and $100,000 to Mr. Bue. The initial $40,000 purchase was clearly authorized by Mr. Bue, so it was awarded to Honeybadger. The remaining $200,000—representing the two fraudulent transactions—was split evenly between the parties. The court found this shared responsibility appropriate based on both parties' conduct. No costs were awarded, as both sides experienced partial success in the litigation.