When does a fraud victim become the one holding the bill?
A Saskatchewan man who handed scammers access to his computer bore the disputed $200,000 crypto fraud loss in full, a court ruled March 13.
In HoneyBadger Enterprises Ltd. v Bue, 2026 SKCA 40, the Court of Appeal for Saskatchewan overturned a lower court ruling that had split a residual $200,000 loss equally between the victim and a cryptocurrency broker, resulting in total awards of $140,000 to HoneyBadger and $100,000 to Bue. The court also dismissed a cross-appeal by Norman Bue, which had argued that the two disputed $100,000 Bitcoin purchase contracts were invalid because he had no knowledge of the transactions when they occurred and had not authorised them. HoneyBadger Enterprises Ltd. was awarded the entire $200,000 still in dispute on appeal; a separate $40,000 that Bue had already acknowledged owing had been released to HoneyBadger before the appeal proceedings.
The fraud began in 2022 when Bue invested $53,873 in a fictitious online company called "Main Bit Ltd." When he attempted to withdraw his investment, the company stopped responding. He subsequently transferred over $190,000 to someone purporting to work for the "Ministry of Justice at the United Kingdom," who promised to compensate him for his losses. He received nothing. A contact from a so-called "Cybercrime agency" called "Funds Recall" offered to recover those losses in exchange for a cryptocurrency transfer, but Bue did not make those payments.
Someone purporting to represent the "cybersecurity division" of the FBI then contacted Bue, offering to recover all his lost funds for an $80,000 fee payable in cryptocurrency. In April 2023, Bue contacted HoneyBadger, a cryptocurrency broker, to facilitate the purchase. He did not disclose his fraud history to the broker.
Bue granted the third party posing as the FBI remote access to his computer and provided the password to his email account, the same account he used to transact with HoneyBadger. One of the two email accounts he gave HoneyBadger for know-your-client verification had been created by the fraudsters themselves and given to him. He also directed all purchased Bitcoin into a cryptocurrency wallet the fraudsters controlled.
Over several weeks, six Bitcoin transactions were executed through HoneyBadger. Bue later disputed four of those transactions worth $240,000 in total, and his credit union reversed the corresponding debits that HoneyBadger had made under a Pre-Authorised Debit agreement. HoneyBadger sued to recover the funds.
The lower court found both parties partially liable. It attributed the full $40,000 from the transactions Bue admitted authorising to HoneyBadger, then split the remaining $200,000 equally between the parties, concluding that HoneyBadger had failed to issue a verification password under the PAD agreement, which it said could have stopped the fraud. The result was $140,000 awarded to HoneyBadger and $100,000 to Bue.
The Court of Appeal rejected both of those conclusions. On the PAD agreement, Justice Caldwell found the lower court had misread the relevant clause. The requirement for a "password or security code or other signature equivalent" was an obligation on Bue to generate his own authorisation, not an obligation on HoneyBadger to issue one. The court further found that even under the opposite reading, issuing such a code would not have prevented the fraud, given that Bue had already given the third party unrestricted access to his computer and email accounts for the purpose of the Bitcoin transactions.
On liability, the court applied the common law principle from Isaacs v Royal Bank of Canada, an Ontario Court of Appeal decision, which holds that where a party's carelessness involves active participation in a fraudulent scheme, that party must bear the resulting loss. The lower court had relied on a Quebec case applying the Civil Code of Quebec, which the appeal court found had no application in Saskatchewan.
HoneyBadger had conducted proper know-your-client verification, believed at all times it was dealing with Bue, and faced no transaction activity that would have signalled fraud. HoneyBadger was awarded the full $200,000 in dispute, with costs of the summary judgment application and the appeal and cross-appeal also awarded in its favour.
