In a recent ruling, the District of Colorado granted several motions to dismiss filed by the developers and owners of cryptocurrency application Atomic Wallet, citing a lack of personal jurisdiction. This decision effectively ends a class action litigation involving the alleged theft of cryptocurrency assets by North Korean hackers.

The plaintiffs in this case alleged that their cryptocurrency assets were stolen due to security vulnerabilities in the Atomic Wallet platform, which allows users to hold, buy, sell, and trade cryptocurrency. Defendant Evercode Infinite is the software development company that developed the Atomic Wallet platform and applications. The individual defendants included the CEO and two shareholders of Atomic Wallet. The plaintiffs claimed that the defendants were aware of security vulnerabilities as early as April 2021 but failed to take necessary precautions to protect user data and funds. Approximately 5,500 wallets were affected by the attack with reported losses of over $100 million.

The court’s analysis focused on whether it had personal jurisdiction over the defendants. Atomic Wallet is an Estonian corporation, and Evercode Infinite is incorporated in the United Arab Emirates. Only one of the named plaintiffs was a citizen of Colorado.

The plaintiffs had the burden of making a prima facie showing that the defendants had minimum contacts with the forum state, Colorado. The court ultimately found that the plaintiffs failed to demonstrate that Atomic Wallet’s developers and owners purposefully availed themselves of Colorado law. The plaintiffs claimed that Atomic Wallet marketed its platform in Colorado, made its applications available for download, and communicated with Colorado users. However, the court held these allegations were insufficient to establish personal jurisdiction.

“Plaintiffs do not allege that Atomic Wallet ‘intentionally directed’ its marketing activity at Colorado ‘rather than just having the advertisements accessible there.'” The court further noted, “[t]he fact that, sometime after he downloaded the Atomic Wallet application, Mr. Dickinson communicated with Atomic Wallet customer representatives who knew he was a Colorado citizen is not evidence that Atomic Wallet intentionally directed its operations at Colorado.”

As for Evercode Infinite, the court found the contacts even more attenuated. “[P]laintiffs do not allege that Evercode caused Atomic Wallet to make its software, mnemonic keys, and security updates available to Colorado residents, thereby deliberately exploiting the Colorado market. The Supreme Court has held that, for a defendant’s contacts with a forum state to constitute purposeful availment, the ‘contacts must be the defendant’s own choice’…”.

The court dismissed two individual defendants for similar reasons, while ordering the plaintiffs to show cause why a third individual defendant shouldn’t be dismissed from the case on the grounds that plaintiffs had not filed proof of service of the complaint.