Author: Shao Shiwei As a complainant, if you want to file a criminal complaint in mainland China to hold the perpetrator accountable, you first need to establish a prerequisite: the perpetrator must be located in mainland China. If the perpetrator is in Hong Kong or overseas, even if the domestic police file a case, there is a high probability that there will be no further action. The reasons for this can be found in the article "Can Chinese Police Arrest People Overseas for Telecom and Internet Fraud?", which will not be elaborated upon here. This is also why many overseas Web3 projects that exploit users are often ineffective even if domestic users report them to the police, because these individuals are usually located overseas. With that in mind, let's get down to business. For the accuser, the first questions they'll face are: What documents are required for a police report? Which police station should I file a complaint with? If I report the case to the police, will they determine that I am engaged in illegal business and initiate an investigation against me? Who is qualified to file a lawsuit as a "victim"? For Web3 project owners, if project personnel are involved in accepting kickbacks from trading partners, embezzling or misappropriating project funds by abusing their positions, or if project funds are defrauded or stolen, which entity should report the case as the victim? This needs to be discussed on a case-by-case basis, depending on whether the Web3 project owner has established a physical company in China. Generally, Web3 platform operators often set up their main projects in Hong Kong, Singapore, the Cayman Islands, etc., but at the same time, considering factors such as labor costs and ease of communication and management, they will recruit employees in China. For larger platforms, such as cryptocurrency exchanges, it is common to cooperate with domestic third-party companies. These domestic third-party outsourcing companies sign labor contracts with employees and pay social security contributions. However, many Web3 projects are actually established by the actual controller or by a third party instructed by the actual controller. These companies then hire employees, pay social security contributions, and distribute salaries. In this situation, the appropriate reporting entity becomes crucial to whether a case can be filed. If the Web3 project that is actually registered overseas suffers losses, can a domestic entity be sued as the victim? Referring to traditional criminal cases, if a foreign-invested enterprise is the victim and it has subsidiaries, branches, or offices in China, then the subsidiaries, branches, or offices can file a lawsuit together with the foreign-invested enterprise as victims. Therefore, if the Web3 platform can prove that its domestically established companies are related to it, then the domestic companies should be able to jointly file a lawsuit as the victimized entity. However, in many Web3 projects, although the main project is located overseas, the labor relationship with domestic employees is established only through a third-party human resources outsourcing company. At this time, a practical problem arises: can the partner company file a lawsuit as a "victim"? From a legal perspective, third-party outsourcing companies typically do not directly participate in project fund management, nor do they have the right to control or profit from the assets involved. Therefore, their legal status is often difficult to establish as victims. If they file a police report in their name, they may face the risk of being questioned for lacking direct losses or a basis for their rights. However, in judicial practice, there are still instances where a partner company acts as the reporting entity, with its staff submitting materials on its behalf. While this practice can indeed advance a case into the investigation process in some cases, it also provides the defense with a point of entry to argue whether the reporting entity is consistent with the actual interested party. For Web3 project teams, another key issue needs to be addressed: whether the platform itself can be identified as a "victim" under Chinese law. Certain Web3 business models, such as on-chain prediction markets, derivatives trading, and on-chain token liquidity matching, have clear regulatory status in some countries and regions. However, in mainland China, because cryptocurrency-related businesses are included in the "key prevention and prudent supervision scope," judicial authorities often consider two aspects when determining whether a platform possesses "legitimate rights": Whether the entity's qualifications comply with legal regulations (whether it has the qualifications to operate legally within the territory); Whether the business activities involved fall within the scope of domestic laws that prohibit or restrict them. Therefore, if a platform's core business falls within the prohibited scope of operations in mainland China, its legal basis as a "victim" will be limited, and the corresponding sue path will become more complicated. However, this does not mean that all Web3 businesses are ineligible for victim status. If a platform's business nature does not involve areas explicitly prohibited in China, and it can prove actual damage and a connection to asset rights, it may still be recognized as a victim by judicial authorities. Will filing a police report inadvertently create risks for the Web3 project team itself? This is one of the issues that the project team is most concerned about when considering criminal charges. Given domestic policies such as the "924 Notice," virtual currency-related businesses are classified as illegal financial activities. Therefore, if a project team reports a case to the police, it needs to assess the legality of the project itself. Otherwise, it may not only be difficult to be recognized as a "victim" under Chinese law, but it could also face criminal charges. However, illegal financial activities are not the same as criminal offenses or specific criminal charges. The level of risk of a business still needs to be comprehensively assessed based on factors such as whether it targets users in mainland China and whether it absorbs funds from domestic users. Because many project owners are uncertain about this, some people take advantage of their concerns about "domestic risks" to extort money under the guise of "exposure," "rights protection," or "reporting." For example, it was reported that[i], on October 16, 2023, Billy Wen, founder of Negentropy Capital, stated on the X platform that his fund had been blackmailed by a so-called rights protection group after investing in a Web3 project last year. He then reported the case to the Longgang police in Shenzhen, and the case was filed. The suspect, Wu, was suspected of extorting 50,000 USDT (totaling more than 300,000 yuan). Wu stated that he was instigated by a Twitter influencer named BitRun, who provided him with fabricated rights protection materials to carry out blackmail online. The court will hear and pronounce judgment on the case soon. It is evident that even under prudent regulation, not all project owners are left without recourse. As long as they clearly define the basis of their rights and conduct a preliminary assessment of the legality risks of their business operations, they may still be able to obtain support from judicial authorities. Which police station should I report the case to? — Determining Jurisdiction Which police station should I report the crime to, and which police station has jurisdiction over the case? For the person reporting the crime, if they rush to report it without first clarifying this question, the following problems may arise: The public security authorities refused to accept the case on the grounds of "lack of jurisdiction". Transferring and shirking responsibility between public security organs in different regions Even if a case is filed, the defense may later raise objections on the grounds of "improper jurisdiction," affecting the course of the case. Therefore, clarifying jurisdiction is the first step in determining whether a legal recourse is feasible. In my country's territorial jurisdiction of criminal cases, the principle is jurisdiction based on the place where the crime was committed, with jurisdiction based on the defendant's place of residence as an exception. However, there are also jurisdictional provisions for special circumstances such as cybercrimes. According to the basic principle of territorial jurisdiction, if a Web3 project files a criminal complaint, the crime must at least have occurred within my country. So how do we understand the location of the crime? In Web3 scenarios involving on-chain assets, access control, and cross-regional collaboration, the location of the crime is not limited to an offline location, but includes any of the following: Location where project funds or digital assets are transferred or controlled Where private keys and account permissions are manipulated The final location where asset losses are manifested Location where proceeds of crime are obtained, hidden, or used In other words, all operations on the blockchain will eventually land at some point in the real world, whether it's people, equipment, or the flow of funds. These "landing points" themselves constitute the scope that domestic judicial jurisdiction may cover. For criminal offenses such as theft and fraud, complaints are generally filed with the criminal investigation department of the public security bureau in the place where the theft or fraud was committed, or in the place where the money was transferred or received. For criminal charges such as bribery by non-state personnel, embezzlement, and misappropriation of funds, if the Web3 project has branches in China, the case can be reported to the economic crime investigation department of the public security bureau where the branch is located. However, for Web3 project companies that do not have branches in China, the case can be reported to the economic crime investigation department of the place where the crime actually occurred or where the suspect resides. Do extraterritorial evidence and on-chain evidence require notarization and authentication? Web3 projects often operate on overseas servers, on-chain systems, or through cross-border communication tools, involving business operations, account systems, asset management, and communication. Therefore, when filing criminal charges, a practical problem frequently arises: Can this evidence be used directly in the country? Is notarization and authentication mandatory? According to the Criminal Procedure Law, if the Web3 project team collects relevant materials regarding the facts of the case being filed, including power of attorney for relevant agents (such as employees, lawyers, etc.), these materials need to be notarized and authenticated. If foreign languages are involved, a Chinese translation should also be attached.Author: Shao Shiwei As a complainant, if you want to file a criminal complaint in mainland China to hold the perpetrator accountable, you first need to establish a prerequisite: the perpetrator must be located in mainland China. If the perpetrator is in Hong Kong or overseas, even if the domestic police file a case, there is a high probability that there will be no further action. The reasons for this can be found in the article "Can Chinese Police Arrest People Overseas for Telecom and Internet Fraud?", which will not be elaborated upon here. This is also why many overseas Web3 projects that exploit users are often ineffective even if domestic users report them to the police, because these individuals are usually located overseas. With that in mind, let's get down to business. For the accuser, the first questions they'll face are: What documents are required for a police report? Which police station should I file a complaint with? If I report the case to the police, will they determine that I am engaged in illegal business and initiate an investigation against me? Who is qualified to file a lawsuit as a "victim"? For Web3 project owners, if project personnel are involved in accepting kickbacks from trading partners, embezzling or misappropriating project funds by abusing their positions, or if project funds are defrauded or stolen, which entity should report the case as the victim? This needs to be discussed on a case-by-case basis, depending on whether the Web3 project owner has established a physical company in China. Generally, Web3 platform operators often set up their main projects in Hong Kong, Singapore, the Cayman Islands, etc., but at the same time, considering factors such as labor costs and ease of communication and management, they will recruit employees in China. For larger platforms, such as cryptocurrency exchanges, it is common to cooperate with domestic third-party companies. These domestic third-party outsourcing companies sign labor contracts with employees and pay social security contributions. However, many Web3 projects are actually established by the actual controller or by a third party instructed by the actual controller. These companies then hire employees, pay social security contributions, and distribute salaries. In this situation, the appropriate reporting entity becomes crucial to whether a case can be filed. If the Web3 project that is actually registered overseas suffers losses, can a domestic entity be sued as the victim? Referring to traditional criminal cases, if a foreign-invested enterprise is the victim and it has subsidiaries, branches, or offices in China, then the subsidiaries, branches, or offices can file a lawsuit together with the foreign-invested enterprise as victims. Therefore, if the Web3 platform can prove that its domestically established companies are related to it, then the domestic companies should be able to jointly file a lawsuit as the victimized entity. However, in many Web3 projects, although the main project is located overseas, the labor relationship with domestic employees is established only through a third-party human resources outsourcing company. At this time, a practical problem arises: can the partner company file a lawsuit as a "victim"? From a legal perspective, third-party outsourcing companies typically do not directly participate in project fund management, nor do they have the right to control or profit from the assets involved. Therefore, their legal status is often difficult to establish as victims. If they file a police report in their name, they may face the risk of being questioned for lacking direct losses or a basis for their rights. However, in judicial practice, there are still instances where a partner company acts as the reporting entity, with its staff submitting materials on its behalf. While this practice can indeed advance a case into the investigation process in some cases, it also provides the defense with a point of entry to argue whether the reporting entity is consistent with the actual interested party. For Web3 project teams, another key issue needs to be addressed: whether the platform itself can be identified as a "victim" under Chinese law. Certain Web3 business models, such as on-chain prediction markets, derivatives trading, and on-chain token liquidity matching, have clear regulatory status in some countries and regions. However, in mainland China, because cryptocurrency-related businesses are included in the "key prevention and prudent supervision scope," judicial authorities often consider two aspects when determining whether a platform possesses "legitimate rights": Whether the entity's qualifications comply with legal regulations (whether it has the qualifications to operate legally within the territory); Whether the business activities involved fall within the scope of domestic laws that prohibit or restrict them. Therefore, if a platform's core business falls within the prohibited scope of operations in mainland China, its legal basis as a "victim" will be limited, and the corresponding sue path will become more complicated. However, this does not mean that all Web3 businesses are ineligible for victim status. If a platform's business nature does not involve areas explicitly prohibited in China, and it can prove actual damage and a connection to asset rights, it may still be recognized as a victim by judicial authorities. Will filing a police report inadvertently create risks for the Web3 project team itself? This is one of the issues that the project team is most concerned about when considering criminal charges. Given domestic policies such as the "924 Notice," virtual currency-related businesses are classified as illegal financial activities. Therefore, if a project team reports a case to the police, it needs to assess the legality of the project itself. Otherwise, it may not only be difficult to be recognized as a "victim" under Chinese law, but it could also face criminal charges. However, illegal financial activities are not the same as criminal offenses or specific criminal charges. The level of risk of a business still needs to be comprehensively assessed based on factors such as whether it targets users in mainland China and whether it absorbs funds from domestic users. Because many project owners are uncertain about this, some people take advantage of their concerns about "domestic risks" to extort money under the guise of "exposure," "rights protection," or "reporting." For example, it was reported that[i], on October 16, 2023, Billy Wen, founder of Negentropy Capital, stated on the X platform that his fund had been blackmailed by a so-called rights protection group after investing in a Web3 project last year. He then reported the case to the Longgang police in Shenzhen, and the case was filed. The suspect, Wu, was suspected of extorting 50,000 USDT (totaling more than 300,000 yuan). Wu stated that he was instigated by a Twitter influencer named BitRun, who provided him with fabricated rights protection materials to carry out blackmail online. The court will hear and pronounce judgment on the case soon. It is evident that even under prudent regulation, not all project owners are left without recourse. As long as they clearly define the basis of their rights and conduct a preliminary assessment of the legality risks of their business operations, they may still be able to obtain support from judicial authorities. Which police station should I report the case to? — Determining Jurisdiction Which police station should I report the crime to, and which police station has jurisdiction over the case? For the person reporting the crime, if they rush to report it without first clarifying this question, the following problems may arise: The public security authorities refused to accept the case on the grounds of "lack of jurisdiction". Transferring and shirking responsibility between public security organs in different regions Even if a case is filed, the defense may later raise objections on the grounds of "improper jurisdiction," affecting the course of the case. Therefore, clarifying jurisdiction is the first step in determining whether a legal recourse is feasible. In my country's territorial jurisdiction of criminal cases, the principle is jurisdiction based on the place where the crime was committed, with jurisdiction based on the defendant's place of residence as an exception. However, there are also jurisdictional provisions for special circumstances such as cybercrimes. According to the basic principle of territorial jurisdiction, if a Web3 project files a criminal complaint, the crime must at least have occurred within my country. So how do we understand the location of the crime? In Web3 scenarios involving on-chain assets, access control, and cross-regional collaboration, the location of the crime is not limited to an offline location, but includes any of the following: Location where project funds or digital assets are transferred or controlled Where private keys and account permissions are manipulated The final location where asset losses are manifested Location where proceeds of crime are obtained, hidden, or used In other words, all operations on the blockchain will eventually land at some point in the real world, whether it's people, equipment, or the flow of funds. These "landing points" themselves constitute the scope that domestic judicial jurisdiction may cover. For criminal offenses such as theft and fraud, complaints are generally filed with the criminal investigation department of the public security bureau in the place where the theft or fraud was committed, or in the place where the money was transferred or received. For criminal charges such as bribery by non-state personnel, embezzlement, and misappropriation of funds, if the Web3 project has branches in China, the case can be reported to the economic crime investigation department of the public security bureau where the branch is located. However, for Web3 project companies that do not have branches in China, the case can be reported to the economic crime investigation department of the place where the crime actually occurred or where the suspect resides. Do extraterritorial evidence and on-chain evidence require notarization and authentication? Web3 projects often operate on overseas servers, on-chain systems, or through cross-border communication tools, involving business operations, account systems, asset management, and communication. Therefore, when filing criminal charges, a practical problem frequently arises: Can this evidence be used directly in the country? Is notarization and authentication mandatory? According to the Criminal Procedure Law, if the Web3 project team collects relevant materials regarding the facts of the case being filed, including power of attorney for relevant agents (such as employees, lawyers, etc.), these materials need to be notarized and authenticated. If foreign languages are involved, a Chinese translation should also be attached.