In Tulip Trading Ltd v Bitcoin Association For BSV & Ors(1) (the third judgment in these proceedings), the court set aside an order permitting the claimant to serve its claim out of the jurisdiction and held that there was no serious issue to be tried on the merits of the claim. In reaching that decision, the court concluded that the developers behind the major bitcoin networks did not owe the claimant either a fiduciary or tortious duty to take positive steps to allow the claimant to regain control of a large quantity of bitcoin to which it no longer had the necessary private keys.
The case is significant because, had the claimant been successful, it would have had huge implications for how cryptocurrencies could operate within English law. A contrary finding would have effectively bypassed a fundamental feature of the relevant bitcoin networks whereby digital assets are transferred through the use of such private keys.
Tulip Trading Ltd is a company incorporated in the Seychelles and controlled by Dr Craig Wright, who claims to be Satoshi Nakamoto, the inventor of Bitcoin. Tulip lost access to a significant amount of bitcoin as a result of a cyber-attack on Wright's computers at his home in England from which he controlled the company. As a result of the attack, the private keys needed to access the bitcoin were deleted.
Tulip brought proceedings against the developers and controllers of the relevant bitcoin networks seeking, among other matters, to compel them to implement a software patch that would enable Tulip to regain control of its bitcoin. Tulip argued that the defendants were obliged to do so as result of fiduciary and/or tortious duties owed to it.
Tulip was initially granted permission to serve the various defendants out of the jurisdiction, but a number of the defendants successfully challenged jurisdiction and the relevant order was set aside. The court held that there was no good arguable case that the defendants owed either fiduciary duties to Tulip (paragraphs 53-83) or a duty of care to include in their software the means to allow those without access to their private keys to access their bitcoin (paragraphs 91-109).
The judge identified that the key characteristic of a fiduciary duty was the obligation of undivided loyalty. The judge was unable to reconcile this characteristic with the fact that Tulip had sought an order allowing it specifically to recover control of its assets, which might be to the disadvantage of another network participant, such as a rival claimant to the bitcoin. The court was also hesitant about imposing a duty on developers over an anonymous and fluctuating class of users with whom they have no direct communication or contractual relationship.
The defendants also cited the equitable maxim in Attorney General v Blake(2) that equity "tells the fiduciary what he must not do. It does not tell him what he ought to do". Tulip argued that there were circumstances recognised in case law in which the court will require a fiduciary to perform positive steps. However, the court considered that the relief sought by Tulip went well beyond those examples and might expose the defendants to risk.
Tortious duty of care
In assessing whether a tortious duty might exist, the judge's starting point was to characterise Tulip's loss as being purely economic (Tulip had initially contented otherwise, but did not pursue the submission). The upshot of this was that no tortious duty of care could arise unless it arose out of a special relationship, with the judge citing Murphy v Brentwood,(3) and noting that the special relationship concept has been rationalised in terms of an assumption of responsibility, assessed objectively, citing Henderson v Merrett Syndicates.(4) The judge doubted whether such a special relationship could exist in the present circumstances but concluded that, even if it could be argued that the defendants had assumed some level of responsibility as a result of a role that they had decided to take on, it could arguably extend as far as Tulip required.
Tulip argued that there were public policy reasons for ensuring that crypto asset networks could not act or fail to act in a way that would mean that owners could not access their digital assets (see paragraph 132 of the judgment). In particular, Tulip drew an analogy with denying a person access to their life savings because they were locked in a safe to which a key or entry code had been lost. The court, while sympathetic to the issues raised, held that issues of public policy alone were not sufficient for finding a duty without a sufficient basis in the existing law.
Lex situs of crypto assets
The court also considered the lex situs of bitcoin and whether the relevant test was the residence of the (original) owner of the relevant cryptocurrency or the domicile of the corporate entity that had held it. The court held that the relevant test was the former. In this case, the corporate entity Tulip was domiciled in the Seychelles, but had been run by Wright and his wife from England, and accordingly the lex situs was England.
This issue has been considered in previous crypto cases, namely Ion Science and Fetch.ai. The finding in Ion Science was that "the lex situs of a cryptoasset is the place where the person or company who owns it is domiciled" although, later in the judgment, the judge stated "the lex situs is where the owner resides or is domiciled". The judge in the instant case fairly noted that it had not been necessary to distinguish between the place of an owner's physical residence and the corporate domicile in that case (Ion Science had involved two claimants, one person and one company, who were both resident/domiciled in England). Fetch.ai had cited with approval the reasoning in Ion Science but again the residence/domicile distinction did not arise in that case (which involved two corporate claimants, one based in England and one in Singapore, with the substantive operations being carried out by the English company).
Although Tulip was unsuccessful in establishing what would have been novel duties owed to end users of cryptocurrencies by the developers of the relevant networks, it does leave the door open to a number of other scenarios where duties might be found. First, scenarios where developers implement a software update for their own advantage and, second, where developers do not take reasonable care not to harm users' interests by, for example, introducing a malicious software error or other defects that threaten the operation of the relevant network. It will be interesting to see whether a claim predicated on duties of that nature is brought in the English courts.
Separately, the commentary on the lex situs of a crypto asset (while technically obiter) is extremely helpful. The issue had only been considered previously at interim hearings with only one party present; it is useful for it now to have been considered and determined at a contested hearing. It is also good news for individuals holding crypto assets via offshore entities, who will have greater assurance that the English courts will accept jurisdiction over claims relating to such assets.
Finally, it is noteworthy that the judge referred to the ongoing Law Commission project on digital assets, noting that "[w]hether the law should be developed in a way that would address all or part of [Tulip's] case is no doubt something that could be considered by the Law Commission and, if appropriate, by Parliament". Commentators will watch with interest how the Law Commission's project develops. At the time of writing, the Law Commission anticipates publishing its digital assets consultation paper in mid-2022.
For further information on this topic please contact Daniel Wyatt, Christopher Whitehouse or Becky Baker at RPC by telephone (+44 20 3060 6000) or email ([email protected], [email protected] or [email protected]). The RPC website can be accessed at www.rpc.co.uk.