Losing the keys to the (bitcoin) kingdom: Tulip Trading v Bitcoin
In Tulip Trading Ltd v Bitcoin1, Falk J considered whether developers involved with the development and custodianship of the software underlying digital assets ("Developers") owed either fiduciary duties, or a duty of care, to those using their software. While the Defendant Developers were not found to owe the specific duty alleged in this case (namely a duty to create a software patch to restore access to bitcoin following the theft of private keys), Falk J suggested that in some circumstances, Developers could owe more limited duties to users of their software.
Falk J's judgment represents the first engagement by the English courts over the existence, and scope, of fiduciary duties or duties of care in the context of cryptocurrency software development. However, given the losses sustained by investors in cryptoassets recently (including from the hacking of exchanges, wallets and decentralised autonomous organisations2 or from stablecoins being untethered3), it is unlikely to be the last.
Background
The Claimant, Tulip Trading Limited ("Tulip Trading"), claimed that it owned bitcoin (the "Bitcoin"), valued at approximately $4.5 billion at the time the claim was issued, on a variety of networks controlled by the 16 Defendants, who were the core Developers of those networks. Tulip Trading claimed its access to that bitcoin was lost following a hack on the home computer of its CEO, Dr Craig Wright, during which the private keys needed to control the Bitcoin were deleted. Dr Wright had no other record of the private keys.
The proceedings
Tulip Trading brought a claim against the Developers (all resident outside the jurisdiction) for declarations that:
i) it owned the Bitcoin;
ii) the Developers owed it fiduciary or tortious duties which required them to assist it in regaining control of its Bitcoin; and/or
iii) it was owed equitable compensation in damages for breach of those duties.
In essence, Tulip Trading argued that the Developers were required to take active steps to create and apply a ‘patch’ to the four networks identified, which would allow it to regain control of its Bitcoin. It claimed that the Developers had control over the identified blockchain networks, the ability to amend the underlying software, and the obligation to make those amendments in order to comply with their tortious and/or fiduciary duties.
The Developers disputed this on a number of grounds. First, they denied being in control of the networks; countering that they were "part of a very large, and shifting, group of contributors without an organisation or structure", being the "decentralised model" pursuant to which the bitcoin network operates4. Secondly, they denied that they were under fiduciary or tortious duties to create the software patch requested.
As all of the Developers were resident outside the jurisdiction, and Tulip Trading had no entitlement to serve proceedings on them without the Court's permission, an application for permission to serve outside the jurisdiction was sought and granted on an ex parte basis. Certain Developers subsequently sought to set aside that order. Falk J concluded that the order granting permission to serve the proceedings on those Developers out of the jurisdiction should be set aside as Tulip Trading had failed to demonstrate that the claim had a real prospect of success for the reasons detailed further below.
Tulip Trading's claim for breach of fiduciary duty
Tulip Trading argued that because the Developers had complete control over the underlying blockchain source code and the ability to re-write it, that imbalance of power translated into a fiduciary duty requiring them to take all reasonable steps to restore the private keys. The failure to take those steps was a breach justifying an order mandating the software amendment or, in the alternative, equitable compensation.
Falk J rejected Tulip Trading’s argument that any imbalance of power that existed amounted to a fiduciary duty. While an imbalance of power, together with vulnerability to abuse of that power, may often be a feature of a fiduciary relationship, it was not determinative of the existence of such a relationship, and indeed not sufficient to establish a fiduciary duty alone.
Further, Falk J was not convinced that the Developers were, in fact, in control of the four networks. The Developers had no "general contractual or other obligation to make changes to the networks in the future". They were not a wholly identifiable static group, and there was no continuing obligation for them to remain as developers into the future, nor to tend to the networks in the manner alleged by Tulip Trading. This reflects the real-life structure of the networks underlying bitcoin and highlights the challenges of applying established legal principles to such decentralised structures.
Falk J also highlighted that the distinguishing feature of a fiduciary relationship is the obligation of undivided loyalty5 and that the action requested by Tulip Trading would be inconsistent with that duty of loyalty. The steps it was asking the Developers to take were for its sole benefit (i.e. giving it access to the Bitcoin) but would not be for the benefit of the networks’ users more broadly, and in fact could be seen by some users as a detriment or compromise to the integrity of the networks. A key benefit of the bitcoin network for some users is that they can be accessed via private keys only, which feature Tulip Trading was effectively asking the Developers to circumvent. Accordingly, the court ruled that a duty of loyalty could not arise in favour of Tulip Trading to the "exclusion of the interests" of other users.
Tulip Trading's claim in negligence
Tulip Trading claimed that the Developers had acted negligently in failing to: (1) put in place sufficient protections against misconduct by third parties; and (2) restore access to users whose private keys were lost or stolen. It contended that a special relationship (necessary for the establishment of a duty of care in cases of pure economic loss) arose by virtue of the Developers’ voluntary assumption of responsibility for control of the networks. Alternatively, it argued it was a permissible incremental extension of the scope of established categories of duties of care, drawing an analogy with the Quincecare duty owed by banks to their customers to refrain from acting on instructions when on notice of the possibility of fraud.
Falk J rejected both of these arguments. She noted that the alleged negligence related to failures to act but that the law does not generally impose a duty of care to prevent third parties from causing damage. Further, the duties of care which Tulip Trading claimed existed would have been open-ended, compelling the Developers to investigate and potentially take positive action in relation to any claim from a person whose private keys had been lost or stolen.
Falk J also considered another key element of the bitcoin network, that of the anonymity of its users. Any purported duty would be owed to an unidentified, and also theoretically limitless, class of users. In contrast to the Quincecare duty, which is owed by a bank to its customers, the duty here would be owed to an "anonymous and fluctuating" class. This, and the fact that the alleged duty of care would give rise to a potentially indeterminate liability, militated against the finding that such a duty of care existed.
However, Falk J accepted that in certain circumstances a more limited duty of care could conceivably be owed. For example, she held that Developers might have a duty to take reasonable care not to introduce a malicious software bug or some other action which compromised the integrity of the software system. However, that was not a claim before the Court, and Falk J firmly rejected the argument that the Developers had a duty to alter the system following harm caused by a third party, over whom they had no control, and with whom they were not involved.
Findings on the nature of cryptocurrency
Falk J also held (obiter, and in line with other recent authorities) that:
- Cryptocurrency is property6; and
- The lex situs of cryptocurrency is likely to be the place where the owner is resident, rather than where it is domiciled7.
Commentary
This judgment (although given in the context of an interim application) contains an interesting exploration of the nature of the duties of care owed by Developers. Whilst Falk J's analysis implicitly accepts, and reflects, the principle of decentralisation which lies at the heart of public blockchains, it does accept the possibility that Developers can, in certain circumstances, owe duties of care to users.
1 Tulip Trading Ltd & others v Bitcoin Association for BSV & others [2022] EWHC 667 (Ch).
2 For example, the DAO Hack, which took place in 2016, which resulted in the unlawful transfer of 3.6m Ether valued at the time at around $50m (now worth approximately $71bn).
3 See for example, the recent collapse in value of the Terra Luna and TerraUSD stablecoins.
4 Falk J's judgment has a useful summary of these aspects at [16] – [22].
5 Millet LJ in Bristol and West Building Society v Mothew [1998] CH 1.
6 Falk J expressly affirmed the content of the Legal Statement on Cryptoassets and Smart Contracts published by the UK Jurisdiction Taskforce in November 2019 (the "Legal Statement").
7 In this case, Tulip Trading was (arguably) resident in the UK (where its central management and control was exercised), whereas its country of domicile (its place of incorporation) was the Seychelles. This analysis, whilst it was only made on a preliminary basis, with Falk J not making any formal findings on this issue, is likely to be relevant to future disputes regarding governing law and jurisdiction in the context of cryptocurrency disputes. In reaching this conclusion, Falk J referred to the Legal Statement which expressed the view that the location of control of digital assets may be relevant to determining whether they are governed by English law.
