1 2 3 4 5 6 7 8 UNITED STATES DISTRICT COURT 9 FOR THE EASTERN DISTRICT OF CALIFORNIA 10 11 JUSTM2J LLC, No. 2:25-cv-00380-DAD-SCR 12 Plaintiff, ORDER DENYING PLAINTIFF’S MOTION FOR TEMPORARY RESTRAINING ORDER 13 v. WITHOUT PREJUDICE AND GRANTING IN PART PLAINTIFF’S MOTION FOR 14 AYDEN BREWER, et al., EXPEDITED DISCOVERY 15 Defendants. (Doc. No. 2) 16 17 This matter is before the court on plaintiff’s ex parte motion for a temporary restraining 18 order and plaintiff’s motion for expedited discovery. (Doc. No. 2.) For the reasons explained 19 below, the court will deny plaintiff’s motion for a temporary restraining order and will grant in 20 part plaintiff’s motion for expedited discovery. 21 BACKGROUND 22 On January 27, 2025, plaintiff JustM2J LLC initiated this fraud action against named 23 defendants Ayden Brewer, Jon Litz, and Jason St. George, and unknown defendant John Doe 1. 24 (Doc. No. 1.) In its complaint, plaintiff alleges the following. 25 Plaintiff is a Delaware limited liability company that is the assignee of all claims 26 belonging to Nakamoto LLC related to a series of cyber-attacks (“the Bittensor attacks”) against 27 the participants of Bittensor. (Id. at ¶¶ 1, 10.) Nakamoto LLC, as the assignor of plaintiff, 28 ///// 1 purportedly lost approximately $13,000,000 in crypto assets as a result of the Bittensor attacks.1 2 (Id. at ¶ 6.) Bittensor is a decentralized network that is designed to foster collaboration and 3 competition among AI researchers. (Id. at ¶ 21.) It does this by allowing participants to earn 4 rewards in the form of a digital token called TAO for providing computations and machine 5 learning models aimed at completing certain tasks, such as image recognition. (Id.) Bittensor is 6 open-source in that its source code is freely available to the public. (Id.) To participate in 7 Bittensor, participants must have a piece of software called a wallet which enables them to 8 receive, store, and transfer TAO and a private key that allows a user to access and control a wallet 9 and its contents. (Id. at ¶ 24.) Defendant St. George was an employee of Opentensor Foundation 10 (“Opentensor”), which maintains, develops, and improves Bittensor. (Id. at ¶¶ 25, 27.) During 11 his tenure there, defendant St. George had access to Opentensor’s proprietary key which allowed 12 access to Opentensor’s PyPI account.2 (Id. at ¶ 27.) Defendants Brewer, St. George, Litz, and 13 John Doe 1 entered into an agreement to plan and execute the Bittensor attacks around April of 14 2024. (Id. at ¶ 28.) On May 20, 2024, defendants registered a domain named opentensor.io 15 which appeared as though it belonged to Opentensor. (Id. at ¶ 29.) 16 On May 22, 2024, Opentensor released an upgrade to Bittensor’s software called version 17 6.12.2. (Id. at ¶ 30.) This release first took place on Github, which is an open-source code 18 repository that Opentensor uses for Bittensor. (Id.) This release was also intended to be 19 published on PyPI by Opentensor. (Id. at ¶ 31.) However, defendants used the proprietary 20 Opentensor key to upload a malicious version of the Bittensor update. (Id.) This prevented the 21 upload of the legitimate version 6.12.2 of Bittensor to PyPI by Opentensor. (Id.) Bittensor users 22 who downloaded version 6.12.2 from PyPI prior to July 2, 2024, therefore received a malicious 23
24 1 Neither in its complaint nor in the pending ex parte motion for a temporary restraining order does plaintiff address how or why Nakamoto LLC assigned its claims in this regard to plaintiff 25 nor does plaintiff explain the nature of the relationship between itself and Nakamoto LLC.
26 2 Plaintiff’s allegations with respect to the PyPI account are vague and unclear. It may be that 27 plaintiff is attempting to allege that Opentensor has an account on PyPI that it uses to upload updates to its Bittensor software as packages and that defendants improperly gained access to the 28 login credentials for that account. 1 version of the update which executed the same functions but also intercepted private keys 2 associated with the wallets of those users and sent those keys to opentensor.io. (Id. at ¶ 33.) On 3 May 30, defendants used one private key obtained in this manner to steal a total of 1039.9 TAO 4 from the wallets of one user, amounting to roughly $480,000. (Id. at ¶ 35.) On June 1, 5 defendants used a different private key obtained in this manner to steal a total of 28,368 TAO 6 from Nakamoto’s wallet, amounting to roughly $13,000,000. (Id. at ¶ 36.) On July 2, defendants 7 transferred 32,395 TAO, valued at approximately $15,000,000, from the wallets of 30 users. (Id. 8 at ¶ 37.) 9 Opentensor then placed the Bittensor network in safe mode and on July 3 discovered that 10 the malicious version that had been uploaded to PyPI. (Id. at ¶¶ 38, 39.) A series of transfers and 11 exchanges occurred which caused the assets taken in these three attacks to be deposited into 12 specific wallet addresses (“the Destination Addresses”) across several exchanges. (Id. at ¶¶ 41, 13 42.) Plaintiff does not allege when these transfers occurred. Opentensor retained a forensic 14 investigator and contacted law enforcement regarding the Bittensor attacks, though plaintiff does 15 not allege when the investigation conducted by the forensic investigator was completed. (Id. at ¶ 16 40.) Plaintiff has provided a declaration attached to its ex parte motion for a temporary 17 restraining order which states that the forensic investigator was hired in July 2024. (Doc. No. 2-2 18 at ¶ 6.) 19 Assets from the May 30 cyberattack, amounting to 1030.9 TAO, were transferred to the 20 TAO-wTAO bridge which allows users to convert TAO to wTAO, a separate cryptocurrency. 21 (Doc. No. 1 at ¶ 43.) Those wTAO assets were then converted to Ethereum (“ETH”), a separate 22 cryptocurrency, and deposited into the following cryptocurrency wallet addresses: 23 Cryptocurrency Address 24 and Volume Destination Address Type USD Value3 0x5e92aB69eB102cFC4A7 WhiteBit 25 103 ETH C507D8Dc3cC1eEdE25Eb0 Deposit $412,206 26 3 Plaintiff represents that the value of the funds located in each of the destination addresses listed 27 in this order were calculated using the peak ETH/USD conversion rate over the past thirty (30) days. (Doc. No. 1 at 9 n.1.) 28 1 Cryptocurrency Destination Address Address USD Value3 and Volume Type 2 Address 3 June 1, 0x09F76d4FC3bcE5bF2854 .884 ETH 2024 Hack $3,537 3F45c4CeE9999E0a0AAf 4 Address 5 (Id. at ¶ 46.)4 6 According to plaintiff, assets from the June 1 attack, amounting to 28,368 TAO, were 7 transferred to the TAO-wTAO bridge and temporarily deposited to the wallet address identified 8 as the traced endpoint for the .884 ETH taken in the May 30 attack. (Id. at ¶ 47.) Those wTAO 9 assets were then exchanged for ETH, wETH, a separate cryptocurrency, and USD Coin. (Id. at ¶ 10 48.) USD Coin is a stablecoin cryptocurrency designed to maintain a 1:1 conversion rate with 11 USD. (Id. at 9 at n.2.) Those assets were then distributed over several deposit addresses in 12 Binance, WhiteBit, and HTX, which are exchanges used to store and trade cryptocurrencies. (Id. 13 at ¶ 49.) Approximately 1,205 ETH from those assets was routed through the Railgun Privacy 14 Protocol, which is a system designed to hide the details of cryptocurrency transactions. (Id. at ¶ 15 51.) Plaintiff claims that 1,055 ETH was transferred from the Railgun Privacy Protocol to the 16 Synapse Protocol bridge, a tool used to transfer cryptocurrency assets between different 17 blockchains, and then transferred to a variety of cryptocurrency exchanges while the remaining 18 150 ETH was sent to two specific deposit addresses. (Id. at ¶¶ 52, 53.) The mixture of assets 19 obtained as a result of the June 1 attack, according to plaintiff, reached the following ending 20 wallet addresses: 21 Cryptocurrency Address Destination Address USD Value 22 and Volume Type Binance 0x8f3100AD91cbfbE8aA58 23 395,301 USDC Deposit $395,301 845083B25249f8FfdB29 Address 24 Binance 0x9C6D589B7e6Cea55138A 197,336 USDC Deposit $197,336 25 3ea1E0AC615126290ED2 Address 26
27 4 Though plaintiff alleges that the value of the assets taken amounted to approximately $480,000, the amount in the Destination Addresses listed only adds up to $415,743. Plaintiff does not 28 clarify this discrepancy in its complaint. 1 Cryptocurrency Destination Address Address USD Value and Volume Type 2 Binance 0x9C6D589B7e6Cea55138A 99.9999 ETH Deposit $396,198 3ea1E0AC615126290ED2 3 Address WhiteBit 4 98.9997 ETH 0x6C030fCf0529baa3FB655 Deposit $396,157 32a25aB5154BBE335cB Address 5 WhiteBit 0x5625f748FF2E0784744a4 384,192 USDC Deposit $384,192 6 F974d173924D7219097 Address WhiteBit 7 63.9997 ETH 0x047050a2A09dc27f23Df5 Deposit $256,087 19dF7D19074A6a3343f Address 8 WhiteBit 0x15a8130D8F8AcD474486 153.9994 ETH Deposit $616,267 9 7b3D51491D1e0189f908 Address WhiteBit 10 86.9996 ETH 0x65a7437f2F6EF3c203b19 Deposit $348,133 af8f1787Db03F1FB20B Address 11 WhiteBit 0x954f0dF9B7555a755CFd8 24.9995 ETH Deposit $100,009 12 55Bf4809c4e15b732B0 Address WhiteBit 13 25 ETH 0x6d5f108E94718e346C5eC Deposit $100,050 1C52cE7edd5cDD1a89A Address 14 WhiteBit 0xe6a2aAE8811c20869a900 20 ETH Deposit $80,040 15 2A808b7c31a0786588E Address WhiteBit 16 0xBc9b0B672f8941109Ff37 28.9 ETH Deposit $115,657 831fa43c922B0935d17 Address 17 HTX 0x56DbE5de6a37f23e85DA 24.9997 ETH Deposit $100,009 18 00338e1dd58216a40b6c Address HTX 19 0x3A9EDb8C26c61F816De 99.9996 ETH Deposit $396,198 AcE92764964bb1483456E Address 20 HTX 0x58A6cfc6D9b00E78056f6 63.9998 ETH Deposit $256,087 21 2D8a1efa54741AcEe01 Address 22 0x01d2B465d5ba513387932 HTX 74.9998 ETH Deposit $300,145 290fe1a1644d5A83F22 23 Address HTX 0x80839E957F5BC7D72e71 24 77.9998 ETH 626636C5FAE202B758e7 Deposit $312,151 Address 25 0x8C227480B8F9E894a572 HTX 99.9996 ETH Deposit $396,198 687799FE5368622FCDC1 26 Address HTX 0x7824ee032bd857FbbDd9e 27 85.9997 ETH 351F50F5eB80b0ADB13 Deposit $344,167 Address 28 1 Cryptocurrency Destination Address Address USD Value and Volume Type 2 KuCoin 0x6BEe51F3cf378Fc167DFe 99.9999 ETH Deposit $396,198 eF1ea2c856ce6Ec12d8 3 Address KuCoin 4 99.9999 ETH 0x3898879e531D2ce92d8FB Deposit $396,198 23cb7aD86d5472060C1 Address 5 KuCoin 0xb3C7E5E8F138F23C461 1.999904 ETH Deposit $7,999 6 C941AF133BC14F863285E Address KuCoin 7 19.9998 ETH 0x95034c37c1C1D8484089Fb468899 Deposit $80,035 32402DCA0F82 Address 8 KuCoin 0x85De72B97d6eFe7bFCDa 9.999985 ETH Deposit $40,015 9 C472fA182F79Da8619DC Address KuCoin 10 9.99987 ETH 0x91aC15FE89315867F8BD Deposit $40,015 d7b5bB40D450E2fF0320 Address 11 KuCoin 0x9f02577718bA0505DbB0 4.999909 ETH Deposit $20,005 12 7a13eCc38d809b13399a Address MexC 13 50 ETH 0x26658c8e719268e473491 Deposit $200,100 E26E5a33e284d1Ea4bF Address 14 EXCH.CX 0xC49BDbD2F3ed50cD095 50 ETH Deposit $200,100 15 B108bca6bd7596F2D4ba7 Address EXCH.CX 16 0xD66766E43cB66628478E 35 ETH Deposit $140,070 d9D12d076849e81fDfF5 Address 17 EXCH.CX 0x85E14ec0E976414EDE6B 228 ETH Deposit $912,456 18 38A0b5E5B7879290EF53 Address EXCH.CX 19 0xCAec170151ABaED4Fc3 100 ETH Deposit $400,200 a158a7c3f78889C0dD9e5 Address 20 EXCH.CX 0xDcDEA8a8cAB06958C59 20 ETH Deposit $80,040 21 0E64937c0D4853744c335 Address 22 0x356E2Df6a43A26E340Da EXCH.CX 14.9999 ETH Deposit $59,989 e0C3649c26aCcf384082 23 Address EXCH.CX 0x686Fa4976D8C7EA5BCA 24 10.0001 ETH c53EB86ea453c44f7c5f3 Deposit $40,020 Address 25 0x79Ce9C4160F4AAf5191f EXCH.CX 9.999857 ETH Deposit $40,015 C516511c78D0dd24e885 26 Address EXCH.CX 0x08e637130C4eFBb4e48D 27 9.999908 ETH C13Cc95c7fC6355A3BdB Deposit $40,015 Address 28 1 Cryptocurrency Destination Address Address USD Value and Volume Type 2 EXCH.CX 0x34A64406Eb3FBc18994C 4.999893 ETH Deposit $20,005 7B2827E5D266671d011D 3 Address EXCH.CX 4 4.999963 ETH 0x22Cb8d3A6D43F86DCB Deposit $20,005 E751e4a2cf235ba1312b79 Address 5 EXCH.CX 0x16929803A0F2392497C8 4.999964 ETH Deposit $20,005 6 1404d7748c65ff9C0c2a Address EXCH.CX 7 4.999968 ETH 0x0eC0AC79148305FE8177 Deposit $20,005 45C18c0aF4Ba07547B98 Address 8 EXCH.CX 0xF239a90A91e4598b541D7D78bea 4.99995 ETH Deposit $20,005 9 E3621193b9c9D Address EXCH.CX 10 4.999953 ETH 0x292685ac52Bdb8fa08aCB Deposit $20,005 50Da3801bd87C4137AF Address 11 EXCH.CX 0xFF506cD2A2bFDFA80EF 4.999963 ETH Deposit $20,005 12 62DC22839E16ce40CA4F5 Address EXCH.CX 13 4.999968 ETH 0xA4F75e61cdAd561bdDD Deposit $20,005 35e921288bd60002f9633 Address 14 EXCH.CX 0x7DA771ec163C461adec0 4.999952 ETH Deposit $20,005 15 9ED2D88f2A5ec62Ff13D Address EXCH.CX 16 0xbaE5d5c76c42D93CE658 4.99986 ETH Deposit $20,005 28E9B0c86458Dc5329A7 Address 17 EXCH.CX 0x18c7278D515EF9601191 4.999851 ETH Deposit $20,005 18 48a0c5228718281fC312 Address Exolix 19 0xfffDEc00c2DD485bFfEde 9.9999 ETH Deposit $40,015 c4eF65489D1F076E1a1 Address 20 0x47713cb34FAbd63b39D7 Unnamed 49.999678 ETH $200,095 C5c6f675dCa39d22762B Service 21 0x47713cb34FAbd63b39D7 Unnamed 1.999818 ETH $7,999 22 C5c6f675dCa39d22762B Service 0x47713cb34FAbd63b39D7 Unnamed .999823 ETH $3,997 23 C5c6f675dCa39d22762B Service Railgun.ch 0xFA7093CDD9EE6932B4e 24 277,906 USDC b2c9e1cde7CE00B1FA4b9 Privacy $277,906 Protocol 25 0xFA7093CDD9EE6932B4e Railgun.ch 22.41 wETH Privacy $97,688 b2c9e1cde7CE00B1FA4b9 26 Protocol 0x252262813114eB1FF5261 Link 10 ETH $40,020 27 E2408B39410a5a8dCCB Address
28 1 Cryptocurrency Destination Address Address USD Value and Volume Type 2 Coinbase 0xd5960CA93A0b3fEE31a6 $300,000 300,000 USDC Deposit B691BCA27e5C36701B83 3 Address 4 (Id. at ¶ 54.)5 5 In addition according to plaintiff, assets from the July 2 attack, amounting to 32,395 TAO, 6 were consolidated in a single Bittensor wallet. (Id. at ¶ 55.) Those assets were then transferred to 7 a KuCoin or MexC deposit address, both of which are separate cryptocurrency exchanges, or 8 routed through the TAO-wTAO bridge to the Railgun Privacy Protocol, at which point the assets 9 became untraceable. (Id. at ¶¶ 51, 55, 56.) The last known location of those assets are the 10 following deposit addresses: 11 Cryptocurrency Address 12 and Volume Destination Address Type USD Value 5CrmVKApX6sJybZaL1geHfz 13 8,295 TAO vHWeCpbavqrrXgYLCQmheh KuCoin $4,587,135 X2q 14 5FqBL928choLPmeFz5UVAv 11,100 TAO onBD5k7K2mZSXVC9RkFzL MexC $6,105,000 15 xoy2s Railgun.ch 16 333.621 ETH 0xFA7093CDD9EE6932B4eb Privacy $1,335,151 2c9e1cde7CE00B1FA4b9 Protocol 17 18 (Id. at ¶ 57.)6 19 Based upon these allegations, plaintiff asserts seven claims against the defendants: (1) 20 accessing protected computers without authorization and causing damage or loss in violation of 21 the Computer Fraud and Abuse Act, 18 U.S.C. §§ 1030(a)(2)(C), 1030(a)(4) and 1030(a)(5)(C); 22 (2) intercepting electronic communications by Bittensor participants in violation of the Wiretap 23 Act, 18 U.S.C. § 2510, et seq.; (3) fraud; (4) conversion; (5) unjust enrichment; (6) imposition of 24 5 Though plaintiff alleges that the value of the assets taken amounted to approximately 25 $13,000,000, the amount in the Destination Addresses adds up only to $9,659,612. Plaintiff also does not clarify this discrepancy in its complaint. 26
27 6 Though plaintiff alleges that the value of the assets taken amounted to approximately $15,000,000, the amount in the Destination Addresses adds up only to $12,027,286. Plaintiff also 28 does not clarify this discrepancy in its complaint. 1 a constructive trust and disgorgement of funds; and (7) possession of stolen property in violation 2 of California Penal Code § 496. (Doc. No. 1 at ¶¶ 71–113.) 3 Plaintiff filed the pending ex parte motion for a temporary restraining order with its 4 complaint. (Doc. No. 2.) In that ex parte motion, plaintiff seeks an order from this court freezing 5 accounts that received allegedly stolen digital assets, including the assets held in the Destination 6 Addresses of the assets taken in the Bittensor cyberattacks, and other related digital accounts 7 maintained by defendants purportedly in order to preserve the status quo during the litigation of 8 this action. (Doc. No. 2-1 at 7.) Defendants also request authorization to conduct limited 9 expedited discovery to identify the “John Doe” defendant(s) and confirm the location of stolen 10 assets. (Id. at 7.) 11 LEGAL STANDARD 12 A. Temporary Restraining Order 13 The standard governing the issuing of a temporary restraining order is “substantially 14 identical” to the standard for issuing a preliminary injunction. See Stuhlbarg Int’l Sales Co. v. 15 John D. Brush & Co., 240 F.3d 832, 839 n.7 (9th Cir. 2001). “The proper legal standard for 16 preliminary injunctive relief requires a party to demonstrate ‘that he is likely to succeed on the 17 merits, that he is likely to suffer irreparable harm in the absence of preliminary relief, that the 18 balance of equities tips in his favor, and that an injunction is in the public interest.’” Stormans, 19 Inc. v. Selecky, 586 F.3d 1109, 1127 (9th Cir. 2009) (quoting Winter v. Nat. Res. Def. Council, 20 Inc., 555 U.S. 7, 20 (2008)); see also Ctr. for Food Safety v. Vilsack, 636 F.3d 1166, 1172 (9th 21 Cir. 2011) (“After Winter, ‘plaintiffs must establish that irreparable harm is likely, not just 22 possible, in order to obtain a preliminary injunction.’”); Am. Trucking Ass’ns v. City of Los 23 Angeles, 559 F.3d 1046, 1052 (9th Cir. 2009). A plaintiff seeking a preliminary injunction must 24 make a showing on all four of these prongs. All. for the Wild Rockies v. Cottrell, 632 F.3d 1127, 25 1135 (9th Cir. 2011). The Ninth Circuit has also held that “[a] preliminary injunction is 26 appropriate when a plaintiff demonstrates . . . that serious questions going to the merits were 27 raised and the balance of hardships tips sharply in the plaintiff’s favor.” Id. at 1134–35 (quoting 28 ///// 1 Lands Council v. McNair, 537 F.3d 981, 987 (9th Cir. 2008) (en banc)).7 The party seeking the 2 injunction bears the burden of proving these elements. Klein v. City of San Clemente, 584 F.3d 3 1196, 1201 (9th Cir. 2009); see also Caribbean Marine Servs. Co. v. Baldrige, 844 F.2d 668, 674 4 (9th Cir. 1988) (citation omitted) (“A plaintiff must do more than merely allege imminent harm 5 sufficient to establish standing; a plaintiff must demonstrate immediate threatened injury as a 6 prerequisite to preliminary injunctive relief.”). Finally, an injunction is “an extraordinary remedy 7 that may only be awarded upon a clear showing that the plaintiff is entitled to such relief.” 8 Winter, 555 U.S. at 22. 9 Relevant to the court’s consideration of plaintiff’s pending ex parte motion, a court may 10 only issue a temporary restraining order without notice to the adverse party when: 11 (A) specific facts in an affidavit or a verified complaint clearly show that immediate and irreparable injury, loss, or damage will result to 12 the movant before the adverse party can be heard in opposition [and] (B) the movant’s attorney certifies in writing any efforts made to give 13 notice and the reasons why it should not be required. 14 15 Fed. R. Civ. P. 65(b)(1). Moreover, ex parte temporary restraining orders “should be restricted to 16 serving their underlying purpose of preserving the status quo and preventing irreparable harm just 17 so long as is necessary to hold a hearing, and no longer.” Granny Goose Foods, Inc. v. Bhd. of 18 Teamsters & Auto Truck Drivers Loc. No. 70 of Alameda Cnty., 415 U.S. 423, 439 (1974). 19 B. Expedited Discovery 20 Federal Rule of Civil Procedure Rule 26(d) provides that no discovery can be sought 21 “from any source before the parties have conferred as required by Rule 26(f), except . . . when 22 authorized . . . by court order.” Fed. R. Civ. P. 26(d)(1). Generally, courts require a showing of 23 good cause to permit expedited discovery. In re Countrywide Fin. Corp. Derivative Litig., 542 F. 24 Supp. 2d 1160, 1179 (C.D. Cal. 2008), abrogated on other grounds by United States v. State
25 7 The Ninth Circuit has found that this “serious question” version of the circuit’s sliding scale approach survives “when applied as part of the four-element Winter test.” All. for the Wild 26 Rockies, 632 F.3d at 1134. “That is, ‘serious questions going to the merits’ and a balance of 27 hardships that tips sharply towards the plaintiff can support issuance of a preliminary injunction, so long as the plaintiff also shows that there is a likelihood of irreparable injury and that the 28 injunction is in the public interest.” Id. at 1135. 1 Water Res. Control Bd., 988 F.3d 1194, 1205 (9th Cir. 2021); Criswell v. Boudreaux, No. 1:20- 2 cv-01048-DAD-SAB, 2020 WL 5235675, at *25 (E.D. Cal. Sept. 2, 2020). “Good cause may be 3 found where the need for expedited discovery, in consideration of the administration of justice, 4 outweighs the prejudice to the responding party.” Semitool, Inc. v. Tokyo Electron Am., Inc., 208 5 F.R.D. 273, 276 (N.D. Cal. 2002). In determining whether good cause exists, courts consider: 6 “(1) whether a preliminary injunction is pending; (2) the breadth of the discovery request; (3) the 7 purpose for requesting the expedited discovery; (4) the burden on the defendants to comply with 8 the requests; and (5) how far in advance of the typical discovery process the request was made.” 9 Rovio Ent. Ltd. v. Royal Plush Toys, Inc., 907 F. Supp. 2d 1086, 1099 (N.D. Cal. 2012). 10 Applying the test set forth in Semitool, California district courts have found good cause to 11 authorize expedited discovery to ascertain the identity of an unknown defendant. See, e.g., AF 12 Holdings LLC v. Doe, No. 2:12-cv-02207-KJM-DAD, 2012 WL 6608993, at *1 (E.D. Cal. Dec. 13 18, 2012) (granting leave to conduct expedited discovery to determine the identity of a Doe 14 defendant in a copyright infringement action); First Time Videos, LLC v. Doe, No. 2:12-cv- 15 00621-GEB-EFB, 2012 WL 1355725 (E.D. Cal. Apr. 18, 2012) (same); UMG Recordings, Inc. v. 16 Doe, No. 08-cv-03999-RMW, 2008 WL 4104207 (N.D. Cal. Sept. 4, 2008) (same); Arista Recs. 17 LLC v. Does 1–43, No. 07-cv-02357-LAB-POR, 2007 WL 4538697 (S.D. Cal. Dec. 20, 2007) 18 (same). Moreover, the Ninth Circuit has held that “‘where the identity of the alleged defendant[ ] 19 [is] not [ ] known prior to the filing of a complaint[,] the plaintiff should be given an opportunity 20 through discovery to identify the unknown defendants, unless it is clear that discovery would not 21 uncover the identities, or that the complaint would be dismissed on other grounds.’” Wakefield v. 22 Thompson, 177 F.3d 1160, 1163 (9th Cir. 1999) (alteration in original) (quoting Gillespie v. 23 Civiletti, 629 F.2d 637, 642 (9th Cir. 1980)). 24 To determine whether a plaintiff has established good cause to seek the identity of a Doe 25 defendant through expedited discovery, courts consider the following: 26 whether the plaintiff (1) identifies the Doe defendant with sufficient specificity that the Court can determine that the defendant is a real 27 person who can be sued in federal court, (2) recounts the steps taken to locate and identify the defendant, (3) demonstrates that the action 28 can withstand a motion to dismiss, and (4) proves that the discovery 1 is likely to lead to identifying information that will permit service of process. 2 3 ZG TOP Tech. Co. v. Doe, No. 19-cv-00092-RAJ, 2019 WL 917418, at *2 (W.D. Wash. Feb. 25, 4 2019) (citing Bodyguard Prods., Inc. v. Doe 1, 17-cv-01647-RSM, 2018 WL 1470873, at *1 5 (W.D. Wash. Mar. 26, 2018)); see also Columbia Ins. Co. v. seescandy.com, 185 F.R.D. 573, 6 578–80 (N.D. Cal. 1999). 7 DISCUSSION 8 Below, the court first analyzes whether plaintiff has met its burden under Rule 65(b)(1)(b) 9 to justify the granting of an ex parte temporary restraining order in this case. The court then 10 addresses whether plaintiff has met its burden of demonstrating an irreparable injury which would 11 warrant the granting of the requested relief. Finally, the court considers whether plaintiff has 12 adequately supported its request for the authorization of expedited discovery to attempt to 13 discover the identities of Doe defendant(s). 14 A. Rule 65 Notice 15 As addressed above, a temporary restraining order may be issued without notice to the 16 adverse party or its attorney only under strictly limited circumstances. Fed. R. Civ. P. 65(b)(1); 17 see also L.R. 231(a) (“Except in the most extraordinary of circumstances, no temporary 18 restraining order shall be granted in the absence of actual notice to the affected party and/or 19 counsel, by telephone or other means, or a sufficient showing of efforts made to provide notice.”) 20 (emphasis added). The Supreme Court has emphasized, an ex parte temporary restraining order 21 is justified only in very limited circumstances: 22 The stringent restrictions imposed . . . by Rule 65 on the availability of ex parte temporary restraining orders reflect the fact that our entire 23 jurisprudence runs counter to the notion of court action taken before reasonable notice and an opportunity to be heard has been granted 24 both sides of a dispute. Ex parte temporary restraining orders are no doubt necessary in certain circumstances, but under federal law they 25 should be restricted to serving their underlying purpose of preserving the status quo and preventing irreparable harm just so long as is 26 necessary to hold a hearing, and no longer. 27 Granny Goose Foods, Inc., 415 U.S. at 438–39 (internal citation omitted); McZeal v. EMC Mortg. 28 Corp., No. 13-cv-07220-MMM-CW, 2013 WL 12138853, at *1 n. 3 (C.D. Cal. Nov. 4, 2013) 1 (“Only in rare circumstances can a federal court issue a TRO without written or oral notice to the 2 adverse party.”). “In cases where notice could have been given to the adverse party, courts have 3 recognized ‘a very narrow band of cases in which ex parte orders are proper because notice to the 4 defendant would render fruitless the further prosecution of the action.’” Reno Air Racing Ass’n, 5 Inc. v. McCord, 452 F.3d 1126, 1131 (9th Cir. 2006) (quoting Am. Can Co. v. Mansukhani, 742 6 F.2d 314, 322 (7th Cir. 1984)); see also Harnden v. Perez, No. 21-cv-09231-LHK, 2021 WL 7 7367123, at *3 (N.D. Cal. Dec. 8, 2021). 8 Here, plaintiff’s counsel has submitted an affidavit pursuant to Rule 65(b)(1)(b) stating 9 that providing advance notice to defendants in this case would make it highly likely that they 10 would move the assets at issue out of the reach of this court. (Doc. No. 2-3 at ¶ 4.) The court 11 acknowledges that cryptocurrency such as that at issue here “poses a heightened risk of asset 12 dissipation.” FTC v. Dluca, No. 18-cv-60379-LSS, 2018 WL 1830800, at *2–3 (S.D. Fla. Feb. 13 28, 2018) (“[C]ryptocurrencies are circulated through a decentralized computer network, without 14 relying on traditional banking institutions or other clearinghouses. This independence from 15 traditional custodians makes it difficult for law enforcement to trace or freeze cryptocurrencies in 16 the event of fraud or theft[]”), report and recommendation adopted, No. 18-cv-60379-KMM- 17 LSS, 2018 WL 1811904 (S.D. Fla. Mar. 12, 2018). However, “a single conclusory statement by 18 counsel about” what defendants may do is insufficient to meet the requirements of Rule 19 65(b)(1)(b). Reno Air Racing Ass’n., Inc., 452 F.3d at 1132 (“Were a single conclusory statement 20 by counsel about infringers sufficient to meet the dictates of Rule 65, then ex parte orders without 21 notice would be the norm and this practice would essentially gut Rule 65’s notice 22 requirements.”). Here, the bare statement by plaintiff’s counsel that defendants are likely to 23 immediately move the cryptocurrency assets at issue in this action through channels designed to 24 prevent tracing of those assets is unsupported by evidence and is insufficient to justify the 25 granting of ex parte relief. See Nexon Am. Inc. v. GK, No. 5:21-cv-00886-JWH, 2021 WL 26 9315450, at *3 (C.D. Cal. Sept. 2, 2021) (finding that the plaintiff’s assertion that the defendants 27 “most certainly will move assets to other accounts” upon notice was insufficient to support the 28 issuance of an ex parte temporary restraining order). 1 To support its contention that defendants will immediately begin transferring assets, 2 plaintiff also provides a declaration from Adam Zarazinski (“the Zarazinski declaration”), the 3 CEO of a financial intelligence company who has developed expertise in financial data analysis, 4 digital forensics, and cryptocurrency. (Doc. No. 2-2 at ¶¶ 2, 3.) The declaration was prepared 5 after the declarant was hired by Opentensor to investigate the Bittensor attacks. (Id. at ¶ 6.) In it, 6 Mr. Zarazinski indicates that defendants’ actions are consistent with illicit actors in 7 cryptocurrency fraud cases. (Id. at ¶ 38.) He declares that in his experience, “advance notice to 8 cryptocurrency thieves of legal proceedings typically results in immediate attempts to move 9 assets[.]” (Id. at ¶ 39.) 10 However, a plaintiff seeking ex parte relief on the basis that the adverse party will transfer 11 assets must support that assertion by, for instance, showing that the adverse party has a history of 12 disregarding court orders or that persons similar to the adverse party have such a history. See 13 Adobe Sys., Inc. v. S. Sun Prods., Inc., 187 F.R.D. 636, 640 (S.D. Cal. 1999) (discussing how, in 14 order to justify proceeding ex parte, the plaintiff was required to show that the defendants would 15 have disregarded a court order and destroyed evidence within the time it would take to hold a 16 hearing) (citing First Tech. Safety Sys., Inc. v. Depinet, 11 F.3d 641, 650–51 (6th Cir. 1993)). 17 Here, the Zarazinski declaration provides no support for any suggestion that the named 18 defendants have a history of disobeying court orders, but rather states only that “cryptocurrency 19 thieves” will immediately attempt to move assets upon notice of legal proceedings. (Doc. No. 2-2 20 at ¶ 39.) The Zarazinski declaration simply does not provide support for plaintiff’s contention 21 that those accused of stealing cryptocurrency will immediately attempt to transfer assets. See Int’l 22 Mkts. Live, Inc. v. Huss, No. 2:20-cv-00866-JAD-BNW, 2020 WL 2559926, at *2 (D. Nev. May 23 20, 2020) (holding that the plaintiff did not meet the “demanding burden” to obtain ex parte relief 24 where the plaintiff had not shown either that the defendant had a history of violating court orders 25 or that persons in a similar situation have a history of violating court orders). Accordingly, the 26 court concludes that plaintiff has not met its burden of showing that defendants would violate a 27 court order and transfer assets if provided with the presumptively required notice. 28 ///// 1 Plaintiff has not met its burden under Rule 65(b)(1)(b) of justifying the issuance of relief 2 on an ex parte basis based on the declarations it has submitted to the court. The court will 3 therefore deny plaintiff’s ex parte motion for a temporary restraining order without prejudice to it 4 renewing its motion upon providing notice to the adverse parties as required under Rule 65. 5 Nevertheless, for the sake of efficiency, the court will analyze below whether plaintiff has 6 sufficiently demonstrated a likelihood of irreparable harm that would justify the issuance of a 7 temporary restraining order. 8 B. Irreparable Harm 9 The risk of irreparable harm must be “likely, not just possible.” All. for the Wild Rockies, 10 632 F.3d at 1131. “Speculative injury does not constitute irreparable injury sufficient to warrant 11 granting a preliminary injunction.” Caribbean Marine Servs. Co., 844 F.2d at 674. 12 Here, plaintiff argues that it has demonstrated a likelihood of irreparable harm because, 13 should defendants be given advance notice, defendants “will likely . . . move assets through 14 mixers, privacy protocols, or to unregulated exchanges in non-cooperative jurisdictions.” (Doc. 15 No. 2-1 at 18.) It asserts that such moves would likely make it impossible to compel return of the 16 assets that are the subject of this action. (Id.) Based upon the Zarazinski declaration, plaintiff 17 further asserts that defendants resumed stolen asset transfers on January 20, 2025, creating a risk 18 of imminent asset dissipation. (Id.; Doc. No. 2-2 at ¶ 33.) 19 “The propriety of a TRO hinges on a significant threat of irreparable injury that must be 20 imminent in nature.” Farmers Ins. Exch. v. Steele Ins. Agency, No. 2:13-cv-00784-MCE-DAD, 21 2013 WL 1819988, at *1 (E.D. Cal. Apr. 30, 2013) (citing Caribbean Marine Servs. Co., 844 22 F.2d at 674)); see also Yamout v. Scapa, No. 24-cv-08876-SVW-PD, 2024 WL 5185324, at *3–4 23 (C.D. Cal. Oct. 22, 2024) (finding that an unexplained delay of ten months in filing a motion 24 seeking a temporary restraining order weighed against a finding of irreparable harm) (citing 25 Oakland Trib., Inc. v. Chron. Publ’g Co., 762 F.2d 1374, 1377 (9th Cir. 1985)). Notable here is 26 that neither plaintiff, nor its assignor of rights Nakamoto, sought a temporary restraining order 27 until January 27, 2025, despite discovery of the alleged cyberattacks on July 3, 2024. (Doc. No. 28 2-1 at 9.) Seemingly addressing the issue of plaintiff’s delay, Mr. Zarazinski declares that on 1 January 20, 2025, two of the Destination Addresses began transferring assets after a period of 2 inactivity that began in July 2024. (Doc. No. 2-2 at ¶ 33); see Stephens v. Doe, No. 23-cv-04183- 3 JD, 2023 WL 5988592, at *1 (N.D. Cal. Sept. 13, 2023) (finding that, when the plaintiff had 4 waited more than 90 days to request a temporary restraining order and offered no evidence that 5 the targeted assets were being transferred, there was no pressing need for a TRO). The Zarazinski 6 declaration also states that consolidation of assets into certain digital wallets for extended periods 7 followed by sudden transfers is common in cryptocurrency fraud cases, which heightens the risk 8 of imminent dissipation of funds. (Doc. No. 2-2 at ¶ 38.) Based on this opinion, plaintiffs argue 9 that the risk of further asset dissipation is imminent due to the typical behavior of cryptocurrency 10 thieves. (Doc. No. 2-1 at 18.) 11 This court has previously recognized that under certain circumstances the risk of 12 irreparable harm is heightened in the context of fraudulent transfers of cryptocurrency due to the 13 risk of asset dissipation. See Jacobo v. Doe, No. 1:22-cv-00672-DAD-BAK, 2022 WL 2052637, 14 at *5 (E.D. Cal. June 7, 2022); Gaponyuk v. Alferov, No. 2:23-cv-01317-KJM-JDP, 2023 WL 15 4670043, at *3 (E.D. Cal. July 20, 2023) (noting that cryptocurrency transactions can be 16 untraceable and anonymous creating risks of asset dissipation); see also Yogaratnam v. Dubois, 17 No. 24-cv-00393-NJB, 2024 WL 758387, at *4 (E.D. La. Feb. 23, 2024) (finding that the plaintiff 18 in that case had made a showing of irreparable harm because the defendants could transfer 19 allegedly stolen assets to inaccessible digital wallets at any moment). 20 However, other district courts have concluded that the issuance of a temporary restraining 21 order is generally inappropriate in cases involving the alleged theft of cryptocurrency where 22 monetary damages were available and would suffice. See Newton AC/DC Fund L.P. v. Hector 23 DAO, No. 24-cv-00722-RK-JBD, 2024 WL 580182, at *3–4 (D.N.J. Feb. 13, 2024) (holding that, 24 where the plaintiff did not make a showing that the defendants were likely unable to pay an award 25 of money damages, the plaintiff had not shown irreparable injury justifying injunctive relief); see 26 also Schiermeyer ex rel. Blockchain Game Partners, Inc. v. Thurston, 697 F. Supp. 3d 1265, 27 1272–73 (D. Utah 2023) (finding that, because cryptocurrency tokens are “fungible and easy to 28 value,” the plaintiff had failed to make an adequate showing of imminent irreparable harm 1 because he had not demonstrated that the defendant would be unable to pay an award of monetary 2 damages); MacDonald v. Dynamic Ledger Sols., Inc., No. 17-cv-07095-RS, 2017 WL 6513439, 3 at *3 (N.D. Cal. Dec. 20, 2017) (finding that the plaintiff had not shown an immediate risk of 4 irreparable harm where it was unclear that damages would be inadequate to compensate the 5 plaintiff). In making the determination of whether monetary damages are actually available and 6 therefore would provide sufficient relief in cryptocurrency fraud cases, courts have looked to 7 factors such as whether the defendants’ identities are known, whether the fraudulent scheme is 8 ongoing, and the defendants’ conduct in the litigation. See Blum v. Tara, No. 3:23-cv-24734- 9 MCR-HTC, 2024 WL 5317287, at *4 (N.D. Fla. Feb. 5, 2024) (collecting cases in the context of 10 a permanent injunction and finding irreparable injury was demonstrated where the defendants had 11 defaulted and appeared to intend to continue a fraudulent scheme); Bullock v. Doe, No. 23-cv- 12 03041-CJW-KEM, 2023 WL 9503380, at *5 (N.D. Iowa Nov. 3, 2023) (finding that where the 13 identity of the defendants was unknown and the cryptocurrency assets could be quickly 14 transferred that plaintiff had demonstrated irreparable injury). 15 Based on their delay in filing this action and the pending motion for emergency relief as 16 well as their failure to show that monetary damages are likely to be unavailable or otherwise 17 insufficient, the court believes plaintiff has not at this time met its burden of demonstrating a 18 likelihood of irreparable harm absent the granting of the requested relief. In the present case, 19 plaintiff’s Zarazinski declaration indicates that the Bittensor cyberattacks began seven months 20 prior to the filing of plaintiff’s request for a temporary restraining order and six months prior to 21 the discovery by Opentensor of the Bittensor attacks, though it does not state when the assets 22 stolen in the attacks were traced to the Destination Addresses. (Doc. No. 2-2 at ¶¶ 13, 17.) Mr. 23 Zarazinski also declares that after the Bittensor attacks, the attackers transferred assets to the 24 Destination Addresses, but he does not state when those transfers occurred other than the transfers 25 received by two specific Destination Addresses on July 3, 2024. (Id. at ¶ 33.) Though plaintiff’s 26 investigation has apparently revealed that some assets of unknown origin were transferred on 27 January 20, 2025, this is not an adequate basis upon which to find a risk of “imminent” injury 28 based on the comparatively small volume of asset transfers to the amount allegedly taken in the 1 Bittensor attacks and the months-long delay in seeking emergency relief. See Stephens, 2023 WL 2 5988592, at *1 (holding that the plaintiff had not demonstrated imminent irreparable injury where 3 95 percent of the assets at issue were sitting undisturbed in digital wallets for 90 days). Plaintiff 4 has also failed to allege that the named defendants would be unable to pay an award of monetary 5 damages should it prevail in this case. See Schiermeyer, 697 F. Supp. 3d at 1273 (holding that, 6 because the stolen cryptocurrency was fungible, the plaintiff must demonstrate that the defendant 7 was likely to be unable to pay an award of monetary damages to demonstrate a likelihood of 8 irreparable harm); Bandyopadhyay v. Defendant 1, No. 22-cv-22907-BB, 2023 WL 2263552, at 9 *5–7 (S.D. Fla. Feb. 28, 2023) (holding, in a cryptocurrency fraud context, that the plaintiff had 10 not shown irreparable injury where the plaintiff had not shown monetary damages would not 11 compensate him for his loss); see also Cal. Pharmacists Ass’n v. Maxwell-Jolly, 563 F.3d 847, 12 851–52 (9th Cir. 2009) (“Typically, monetary harm does not constitute irreparable harm. . . . 13 [E]conomic damages are not traditionally considered irreparable because the injury can later be 14 remedied by a damage award.”) (emphasis in original), vacated on other grounds by Douglas v. 15 Indep. Living Ctr. of S. Cal., Inc., 565 U.S. 606 (2012). 16 Other factors relied upon by courts as weighing in favor of granting injunctive relief in 17 somewhat similar cases are also absent here. Though the risks of asset dissipation in the 18 cryptocurrency context may be heightened, particularly when a “plaintiff has been unable to 19 identify the people behind the alleged scheme,” plaintiff in this case has identified and named 20 three defendants. Bullock, 2023 WL 9503380, at *5 (finding that the likelihood the defendants 21 would move cryptocurrency assets out of the plaintiff’s reach was heightened where the 22 defendants’ identities were unknown). Unlike in a previous case before the undersigned, there is 23 no indication here that defendants have begun liquidating cryptocurrency assets. See Jacobo, 24 2022 WL 2052637, at *1–2 (describing the plaintiff’s allegations that the unidentified defendant 25 may have begun liquidating assets); see also Leidel v. Project Invs., Inc., No. 9:16-cv-80060- 26 KAM, 2021 WL 4991325, at *2 (S.D. Fla. May 28, 2021) (finding that the plaintiff had shown 27 the likelihood of irreparable injury where the defendant had begun to liquidate stolen assets). 28 Because the identity of at least some defendants are known and the assets at issue have remained 1 static for an extended period, it would appear that plaintiff must make some showing that those 2 defendants are likely to be unable to pay an award of damages were plaintiff to prevail in this 3 action. See Newton AC/DC Fund L.P., 2024 WL 580182, at *3 (finding that the plaintiff had not 4 shown irreparable injury when it had not shown that the identified defendants would be unable to 5 pay an award of damages). 6 Finally, even if plaintiff had met its burden of demonstrating irreparable harm, the court 7 must ensure that the injunctive relief sought is targeted at preventing the irreparable injury 8 present, specifically the dissipation of assets that its assignor owns. See, e.g., Stephens, 2023 WL 9 5988592, at *2 (denying a request for a temporary restraining order where the plaintiff did not 10 demonstrate that the listed accounts contained only assets that he purportedly owned); Huntley v. 11 VBit Techs. Corp., No. 22-cv-01164-CFC-SRF, 2023 WL 5938665, at *4–5 (D. Del. Aug. 10, 12 2023) (finding that, where the evidence showed that certain wallets held assets owned by 13 numerous individuals, the plaintiff was required to show that the extraordinary remedy of 14 imposing a prejudgment freeze on those wallets was necessary in order to prevent irreparable 15 harm), report and recommendation adopted, No. 22-cv-01164-CFC-SRF, 2023 WL 5932946 (D. 16 Del. Sept. 12, 2023). Here, plaintiff contends that the tokens valued at $13,000,000 it alleges 17 were stolen from its assignor were taken during the June 1 cyberattack. (Doc. No. 2-1 at 9.) 18 Plaintiff also provides a list of the Destination Addresses of the assets taken in that attack. (Doc. 19 Nos. 1 at ¶ 54; 2-2 at ¶ 18.) However, plaintiff has not presented any evidence that those 20 Destination Addresses contain only assets which were stolen from its assignor in the June 1 21 attack. Indeed, the Zarazinski declaration indicates that some of the assets taken during that 22 cyberattack were put into the Binance exchange, which uses an omnibus account system that 23 pools funds from multiple users into shared wallets. (Doc. No. 2-2 at ¶¶ 18, 36.) Freezing of the 24 assets contained in the Destination Addresses associated with such a system would clearly appear 25 to impact nonparties to this litigation, since nonparties may well have had their assets pooled into 26 the same digital wallets as the assets at issue in this case. See Huntley, 2023 WL 5938665, at *5 27 (denying the request for the extraordinary remedy of freezing assets where the plaintiffs did not 28 show that the assets being frozen were controlled by the defendants). Therefore, the court 1 concludes that plaintiff has not met its burden of showing that the emergency relief it seeks is 2 appropriate to prevent the harm that plaintiff contends it will suffer. See, e.g., Montes v. U.S. 3 Bank N.A., 10-cv-00022-PSG-JC, 2010 WL 11597574, at *2 (C.D. Cal. Jan. 12, 2010) (denying a 4 request for temporary restraining order on the basis that the plaintiff failed to meet its burden to 5 show a likelihood of irreparable injury); Vigneron Partners, LLC v. Woop Woop Wines Pty Ltd., 6 No. 06-cv-00527-JF, 2006 WL 8460096 (N.D. Cal. Mar. 31, 2006) (same). 7 If plaintiff were to renew its motion for a temporary restraining order after providing the 8 required notice, it is directed to also address the deficiencies noted in this order with respect to its 9 showing of irreparable harm. 10 C. Expedited Discovery8 11 Plaintiff also seeks to expedite discovery to attempt to identify unknown defendants. 12 (Doc. No. 2-1 at 21.) To that end, plaintiff argues that it has demonstrated good cause to seek the 13 identity of these unknown defendants based on its pending request for a temporary restraining 14 order and the narrow tailoring of its proposed discovery request. (Id. at 22.) Plaintiff contends it 15 can discover these identities through third-party subpoenas directed to the cryptocurrency 16 exchanges Coinbase, Binance, Whitebit, eXch, Kucoin, HTX, MexC, Elolix, Kraken, and OKX 17 (collectively “the Exchanges”). (Id. at 23.) In particular, plaintiff seeks to obtain: 18 [C]urrently unavailable transaction histories from May 1, 2024 (approximately 1 month before the attack) until the present, 19 including (1) records of deposits and withdrawals; (2) records of transfers to/from identified wallet addresses; (3) information about 20 source and destination of funds; and (4) records of currency conversions or swaps. 21 With respect to the identity of unknown defendants, Plaintiff intends 22 to seek narrowly tailored information including (1) account opening and closing documents; (2) Know Your Customer (KYC) and Anti- 23 Money Laundering (AML) verification materials; (3) government- issued identification documents; (4) proof of address documentation; 24 and (5) information about beneficial owners and authorized users. 25
8 The undersigned is addressing plaintiff’s motion for expedited discovery in this order because 26 of its inclusion with the ex parte application for a temporary restraining order. However, the 27 undersigned notes that any future motions pertaining to discovery, including those related to expedited discovery, are to be properly noticed before the assigned magistrate judge in 28 accordance with Local Rule 302(c)(1). L.R. 302. 1 (Id. at 23–24.) 2 “In the Ninth Circuit, courts use the ‘good cause’ standard to determine whether discovery 3 should be allowed to proceed prior to a Rule 26(f) conference.” Rovio Ent. Ltd., 907 F. Supp. 2d 4 at 1099. As noted above, “[i]n considering whether good cause exists, factors courts may 5 consider include: (1) whether a preliminary injunction is pending; (2) the breadth of the 6 discovery request; (3) the purpose for requesting the expedited discovery; (4) the burden on the 7 defendants to comply with the requests; and (5) how far in advance of the typical discovery 8 process the request was made.” Id. (citing Am. LegalNet, Inc. v. Davis, 673 F. Supp. 2d 1063, 9 1067 (C.D. Cal. 2009)). 10 In this case, plaintiff has diligently sought out the identities of the unknown defendant(s) 11 by employing a cryptocurrency investigator to identify the accounts to which its assignor’s assets 12 were transferred. (Doc. No. 2-2 at ¶¶ 2–4) (describing the qualifications of plaintiff’s 13 investigator); see Lee v. Does #1-3, No. 2:23-cv-02008, 2024 WL 472375, at *1 (W.D. Wash. 14 Jan. 10, 2024) (holding that the plaintiff had shown good cause for expedited discovery as to the 15 identity of the unknown defendants where diligence was shown by the hiring of a cryptocurrency 16 investigator). As discussed above, plaintiff has recounted in its motion and attached declarations 17 the steps it has taken to trace the destinations and the specific wallet addresses the allegedly 18 stolen assets are currently in. “Courts routinely allow early discovery for the limited purpose of 19 identifying defendants on whom process could not otherwise be served, which is precisely 20 Plaintiff[’s] intent here.” Amazon.com, Inc. v. Does 1-20, No. 2:24-cv-01083-TL, 2024 WL 21 4893384, at *2 (W.D. Wash. Nov. 26, 2024) (internal quotation marks omitted) (quoting 22 Amazon.com, Inc. v. Dafang Haojiafu Hotpot Store, No. 2:21-cv-00766-RSM, 2022 WL 23 2511742, at *2 (W.D. Wash. June 8, 2022)). Accordingly, the court will grant plaintiff’s request 24 for expedited discovery directed to the above-listed cryptocurrency exchanges solely for the 25 purpose of obtaining identifying information about the unknown defendant(s). Upon service of a 26 Rule 45 subpoena to the Exchanges, defendants or the Exchanges will have an opportunity to 27 raise objections through a motion to quash in which they could attempt to demonstrate to the 28 court that prejudice to them outweighs plaintiff’s need for the information sought. 1 However, the court does not find that plaintiff has narrowly tailored all of its proposed 2 discovery requests to the cryptocurrency exchanges or provided good cause for the authorizing of 3 expedited discovery beyond specific identifying information about the Doe defendant. In 4 particular, plaintiff’s proposed discovery requests for documents and information regarding 5 transactions involving the Destination Addresses and communication with defendant and any 6 non-party accountholder of the Destination Addresses appears to “seek affirmative relief from 7 this [c]ourt that is the subject of this lawsuit, and go[es] well beyond the request for expedited 8 discovery.” See ZG TOP Tech. Co., 2019 WL 917418, at *3. Other district courts in this circuit 9 have declined to broaden the scope of expedited discovery to transaction information, even when 10 a plaintiff contends, as plaintiff does here, that it needs this information to prevent asset 11 dissipation. See Lee, 2024 WL 472375, at *2 (finding that the potential harms to the defendants 12 of exposing sensitive account information outweighed the risk of loss to the plaintiff); Kovalenko 13 v. Does 1-5, No. 2:22-cv-01578-TL, 2022 WL 17582483, at *3 (W.D. Wash. Dec. 12, 2022) 14 (authorizing expedited discovery for the limited purpose of identifying the defendants but not as 15 to discovery of cryptocurrency wallet addresses and transaction numbers). 16 Accordingly, the court will deny authorization of discovery requests not targeted at the 17 identities of the unknown defendants on an expedited basis. 18 CONCLUSION 19 For the reasons explained above, plaintiff’s motion for a temporary restraining order is 20 denied and plaintiff’s motion for expedited discovery is granted in part (Doc. No. 2) as follows: 21 1. Plaintiff’s motion for a temporary restraining order is denied without prejudice to 22 refiling with proper notice; 23 2. Plaintiff’s motion for expedited discovery is granted in part as follows: 24 a. Plaintiff may immediately serve a Rule 45 subpoena on the Exchanges 25 seeking the following information about the owners and authorized users of 26 the Destination Addresses (the unknown defendant(s)): legal name, street 27 address, telephone number, and email address. It may not include 28 defendants’ social security numbers. A copy of this order shall be attached 1 to the subpoena; 2 i. If a cryptocurrency exchange is served with a subpoena authorized 3 by this order, it shall serve a copy of the subpoena and a copy of 4 this order to the defendant and any other affected user as soon as 5 possible after service of the subpoena. The cryptocurrency 6 exchange may serve the user using any reasonable means, including 7 written notice sent to the user’s last known address, transmitted 8 either by first-class mail or via overnight service. The 9 cryptocurrency exchange shall provide plaintiff with the date when 10 such notice was provided to any affected user; 11 ii. The cryptocurrency exchanges and any affected user shall have 12 fourteen (14) days from the respective date of service of the 13 subpoena upon them to object to the subpoena pursuant to Federal 14 Rule of Civil Procedure 45(d)(2)(B); 15 iii. The cryptocurrency exchanges shall not disclose the identifying 16 information of the owners and authorized users of the Destination 17 Addresses, or such information for any other affected user, during 18 the 14-day period or if a timely objection is served unless and until 19 the Court orders it to do so; 20 iv. If an objection is served, the cryptocurrency exchanges shall 21 preserve any material responsive to the subpoena for a period of no 22 less than ninety (90) days in order to allow plaintiff to move for an 23 order compelling production under Federal Rule of Civil Procedure 24 45(d)(2)(B)(i); and 25 v. If no objection is served, the cryptocurrency exchanges shall 26 comply with the subpoena within twenty-one (21) days of service; 27 ///// 28 ///// 1 b. Plaintiff's motion for expedited discovery (Doc. No. 2) is denied as to all 2 its other proposed discovery requests. 3 IT IS SO ORDERED. * Dated: _February 7, 2025 Dal A. 2, sxe 5 DALE A. DROZD ‘ UNITED STATES DISTRICT JUDGE 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 24