technology lawyer

Introduction of cryptocurrency and hacking offences to Parliament

by

reviewed by

Malcolm Burrows

Reading Time:

4–7 minutes

The Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 (Bill) seeks to amend the Criminal Code Act 1995 (Criminal Code), the Crimes Act 1914 and the Proceeds of Crime Act 2002 to bring historical legislation into the modern state of play as it relates to threats of ransomware.  The new powers under this Bill complement existing search and seizure powers, which we have previously considered here.

Geographical considerations

Importantly, at the outset, the Bill does away with geographical constraints upon offending.  Whilst it may have been the case that to be charged with a cyber type of offence the offending would need to have occurred within Australia, the Bill introduces an ‘impact-focused’ method of determining jurisdiction.  That is, instead of focusing on the location at which the offending occurs, the Bill is concerned of the location upon which the offending impacts.

Where the conduct constituting the alleged offence occurs wholly outside Australia and it constitutes an offence relating to unauthorised:

  • access to data;
  • modification of data;
  • impairment of electronic communication of data to or from a computer; or
  • impairment of the reliability, security or operation of any data; and

the data is under the control of an Australian person or corporation and is reasonably capable of being accessed within Australia, an offender will not escape liability for the offence based on the geographical externality to Australia.[1]

Cryptocurrency seizures

Schedule 3 of the Bill inserts various sections into the Crimes Act 1914.  Arguably, most interestingly amongst them is section 1, which inserts section 3C(1) to define a digital asset and its seizure as follows:

digital asset means:

  • a digital representation of value or rights (including rights to property), the ownership of which is evidenced cryptographically and that is held and transferred electronically by:
  • a type of distributed ledger technology; or
  • another distributed cryptographically verifiable data structure; or
  • a right or thing prescribed by the regulations;

but does not include any right or thing that, under the regulations, is taken to be a digital asset for the purposes of this Part.

seize, for a digital asset, has a meaning affected by subsection 3FA(3).

 The legislative definition does not outright state ‘cryptocurrencies’, but it is perfectly clear for all who read that it is indeed such currency which is being referred to.  Indeed, a cryptocurrency is a digital representation of value with ownership cryptographically evidenced and is tradeable on distributed ledge technology.

Therefore, it is prudent to consider the circumstances in which this Bill would allow the government to seize cryptocurrencies.

If a warrant is in force in relation to either a premises or a person, an executing officer may seize a digital asset if:

  • in the course of exercising the warrant, the officer finds one or more things that suggest the existence of the digital asset; and
  • the officer suspects the digital asset to be:
    • evidential material in relation to an offence to which the warrant relates; or
    • evidential material in relation to another offence that is an indictable offence; or
    • evidential material or tainted property; and
  • the officer reasonably suspects that seizing the digital asset is necessary to prevent its concealment, loss or destruction, or its use in committing an offence.[2]

It is clear that there needs to be a sufficient connection between the digital asset and an offence before an officer is authorised to seize the digital asset.  Where an officer is authorised to do so by transferring the digital asset from an existing digital wallet to a digital wallet controlled by the Australian Federal Police.[3]  Notably, the Explanatory Memorandum to the Bill indicates that an officer is not confined merely to the above method of seizing digital assets.[4]  It appears Parliament intends to provide very broad powers to officers, in certain circumstances, to seize digital assets.

Hacking offences

The Bill establishes an offence of data extortion with penalty of imprisonment of ten (10) years.  Where a person without authorisation accesses, modifies or impairs data held in a computer and then, via a carriage service, makes a threat to the owner of the data compelling them to do or omit to do an act.[5]

The Bill also established an offence of dealing with data.  Where a person obtains, accesses, modifies or releases data by use of a carriage service and was not authorised to access or modify said data, they will have committed an offence and be liable for five (5) years imprisonment.[6]

The most severe penalty for offending introduced by the Bill is in relation to aggravated computer offences, whereby an offender may be liable to twenty-five (25) years imprisonment.  Where an offender commits an underlying offence, such as unauthorised access or modification, but that act is targeted directly or indirectly towards ‘critical infrastructure’, it will be considered aggravating offending.[7]  Critical infrastructure is expansively defined under section 9 of the Security of Critical Infrastructure Act 2018.

Takeaways

The Bill provides a novel power for law enforcement to seize digital assets such as cryptocurrencies and provides further protection against cyber crimes via the introduction of more severe penalties and the removal of geographical constraints, which may otherwise have created difficulty in prosecuting international offenders.

Links and further references

Legislation

Crimes Act 1914

Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022

Criminal Code Act 1995

Explanatory Memorandum to Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022

Proceeds of Crime Act 2002

Security of Critical Infrastructure Act 2018

Further information about cryptocurrency seizure and hacking offences

If you need advice on cryptocurrency seizure and hacking offences, contact us for a confidential and obligation-free discussion:

[1] Bill section 1 introducing section 476/3 to the Code.

[2] Bill Schedule 3 section 7 inserting section 3FA(1) and (2) into the Crimes Act 1914; Bill Schedule 3 s 11 inserting section 288A(1) in the Proceeds of Crime Act 2002.

[3] Bill Schedule 3 section 7 inserting section 3FA(3) into the Crimes Act 1914; Bill Schedule 3 s 11 inserting section 288A(2) in the Proceeds of Crime Act 2002.

[4] Explanatory memorandum at [144].

[5] Bill Schedule 1 section 2 inserting section 477.4 into the Criminal Code.

[6] Bill Schedule 1 section 2 inserting section 478.5 into the Criminal Code.

[7] Bill Schedule 1 section 12 inserting sections 479.1 and 479.2 into the Criminal Code.


Related insights about cryptocurrency seizure and hacking offences

  • Office of AI announced by Federal Government

    Office of AI announced by Federal Government

    On 15 July 2026, Prime Minister Anthony Albanese (Prime Minister) announced by media release an expansion of the Federal Government’s (Government) existing artificial intelligence (AI) governance framework, including the establishment of a new Office of AI as well as plans to legislate national standards governing large-scale data centres, AI training and the use of Australian…

    Read more …

  • AI businesses should have duty of care

    AI businesses should have duty of care

    In a recent interview with InnovationAus.com, Victorian Senator Michelle Ananda-Rajah (Senator) emphasised the need to adopt digital duty of care laws for artificial intelligence (AI) companies.[1]  As a representative of the ALP and former AI start-up founder, the Senator calls for the proposed digital duty of care to apply to AI companies.  If implemented, the…

    Read more …

  • Federal Court orders winding up of crypto mining investment scheme

    Federal Court orders winding up of crypto mining investment scheme

    The Federal Court of Australia delivered judgment in Australian Securities and Investments Commission v NGS Crypto Pty Ltd (No 5) [2025] FCA 1611, on 18 December 2025 ordering the winding up of two (2) cryptocurrency related entities after finding that they operated an unlicensed financial services business and an unregistered managed investment scheme in contravention…

    Read more …

  • Online Safety – is your online business a DIS or a RES?

    Online Safety – is your online business a DIS or a RES?

    Whether your online business has to comply with the obligations contained in the Online Safety Act 2021 (Cth) (OSA), and related standards and industry codes will largely depend on how your business is classified because of the functionality it provides to end users in Australia.

    Read more …

  • Bill to allow victims of AI deepfakes to sue for emotional damages

    Bill to allow victims of AI deepfakes to sue for emotional damages

    On 24 November 2025, Senator David Pocock introduced a private Senator’s bill, the Online Safety and Other Legislation Amendment (My Face, My Rights) Bill 2025 (Cth) (Bill) to amend the Online Safety Act 2021 (Cth) (Online Safety Act) and the Privacy Act 1988 (Cth) (Privacy Act). 

    Read more …

  • Malcolm Burrows on ABC’s “Legal Eagles” segment – Deepfakes

    Malcolm Burrows on ABC’s “Legal Eagles” segment – Deepfakes

    On 3 December 2025, Malcolm Burrows appeared live on Katherine Feeney’s ABC Radio program, “Legal Eagles” as the Technology and Intellectual Property Lawyer to discuss the proposed amendments to the Online Safety Act 2021 (Cth) through the introduction of the Online Safety and other legislation Amendment (My Face Rights) Bill (Cth) 2025 (My Face Rights…

    Read more …

  • Federal Gov rules out copyright text and data mining exception for AI

    Federal Gov rules out copyright text and data mining exception for AI

    On 26 October 2025, the Attorney-General, Hon Michelle Rowland MP, published a media release reiterating that the current Federal Government will not introduce a text and data mining (TDM) exception to copyright infringement in the Copyright Act 1968 (Cth) (Copyright Act).  The Attorney-General’s Department will instead engage in further consultations with members of the Copyright…

    Read more …

  • Australian Government announces a digital duty of care

    Australian Government announces a digital duty of care

    The Australian Government has announced that it will soon be introducing legislation to create a digital duty of care under the Online Safety Act 2021 (Cth) (Act) in response to findings from an independent Statutory Review of the Online Safety Act 2021 (Review).  The Honourable Anika Wells MP announced that “big tech” companies will soon…

    Read more …

  • Dundas Lawyers achieves SMB1001 gold level cyber security certification

    Dundas Lawyers achieves SMB1001 gold level cyber security certification

    On 14 November 2025 Dundas Lawyers achieved the Gold level of the SMB1001 cybersecurity standard.

    Read more …

Send this to a friend