In Tulip Trading Ltd v Bitcoin Association for Bitcoin SV (BSV) and others  EWHC 667 (Ch) the High Court revisited the scope of common law and other duties in the context of digital asset networks. The case concerned a claim against 16 software developers (the “Defendants”) alleging that they owed fiduciary and/or tortious duty to owners of digital currency assets on their networks. One such investor - Tulip Trading Limited (“TTL”), incurred alleged losses as a result of deleted encryption keys for the use of $4.5 billion worth of digital assets following an alleged cyber-attack against TTL. TTL claimed that the Defendants should assist it in regaining control and use of its assets.
TTL, a Seychelles-registered Company, is the holding company of Dr Craig Wright – an individual linked with the pseudonym Satoshi Nakamoto. Satoshi Nakamoto is the stated author of the Bitcoin white paper and “inventor” of Bitcoin. TTL claimed that the Defendants had a duty to enable him to recover stolen encryption keys that were allegedly deleted from Dr Wright’s computer when he was the victim of a cyber-attack in February 2020.
TTL claimed that the Defendants, being the core developers who controlled the software in respect of four relevant digital asset networks (the “Networks”, as specified below), owed TTL fiduciary and/or tortious duty which should compel them to assist TTL in recovering control and use of its digital assets. TTL claimed that it “would not be technically difficult” to put together a software patch to allow TTL to “regain control of the assets.”
The Networks included:
- The Bitcoin Satoshi Vision network (the “BSV Network”) – the First Defendant (the “Bitcoin Association”);
- The Bitcoin Core network (the “BTC Network”) – the Second to Thirteenth Defendants (the “BTC Developers”);
- The Bitcoin Cash network (the “BCH Network”) – the Fourteenth Defendant; and
- The Bitcoin Cash ABC network (the “BCH ABC Network”) – the Fifteenth and Sixteenth Defendants.
Notably, none of the Defendants were located within the jurisdiction of England & Wales. Therefore, the judgment, rather than a full trial, concerned the Second to Twelfth, Fifteenth and Sixteenth Defendants’ (together, the “Applicants”) application challenging the Court’s jurisdiction. The First Defendant had accepted the Court’s jurisdiction and the Thirteenth and Fourteenth Defendants were not parties to the application.
In order to obtain permission to serve proceedings out of the jurisdiction, TTL had to satisfy the Court that its claim met the following criteria: 1) there was a serious issue to be tried; 2) there was a good arguable case that the claim fell within one or more of the jurisdictional gateways; and 3) in all the circumstances England was the appropriate forum and the Court should have exercised its discretion to permit service out of the jurisdiction.
On the question of whether there was a serious issue to be tried, TTL’s claim had to meet the following standard: “The claim must be more than merely arguable. Whilst the Court must not conduct a mini-trial, it must take account of the available evidence and also evidence that can reasonably be expected to be available at trial. But there may be a point of law on which the Court should ‘grasp the nettle’.”
In its judgment, the Court decided that the claim failed at this first hurdle, in that there was no serious issue to be tried. Of the seven issues in dispute regarding the merits of the case at trial, Mrs Justice Falk singled out the presence of any fiduciary and tortious duties in the circumstances as the two key ones and devoted them the most attention (only briefly considering the ‘jurisdictional gateways’ and the ‘appropriate forum’ issues, which are beyond the scope of this article). Other substantive issues included the establishing ownership of the “stolen” crypto assets and establishing as a matter of fact whether the alleged cyber-attack had occurred.
The Court concluded that it is not realistically arguable that the pleaded facts demonstrated a fiduciary relationship, as there were no circumstances which gave rise to a relationship of trust and confidence with an overarching obligation of loyalty between any of the Applicants and TTL.
To impose a fiduciary duty would mean that the Applicants in this case would have owed TTL an obligation of “undivided loyalty,” but that would be impossible as it would be for TTL’s sole benefit. Creating this precedent may even have led to a disadvantage for every other user in a given Network.
However, Mrs Justice Falk did leave the door open to future attempts to establish the presence of fiduciary duty in different circumstances, commenting that “…at a general level I can see that any holder of digital assets on the Networks will have certain expectations, for example about the security of the Network and private keys, the efficacy of the "proof of work" processes and indeed anonymity”.
Common Law Duty
In relation to the common law duty of care (or tortious duty), TTL needed to establish that there was a special relationship between them and the Applicants and that this special relationship (or duty) was breached when the latter failed to assist in the recovery of the digital assets. However, the Court rejected that any such duty existed and held that there was no legitimate reason to implement an incremental extension to the existing test for a duty of care, and (particularly given its unlimited nature) it could not realistically be argued to be fair, just and reasonable to impose such a duty on the Applicants.
Additionally, the loss claimed by TTL’s was that of pure economic loss and in the absence of any special relationship between the parties, no common law or tortious duty of care can exist. However, Mrs Justice Falk made comments suggesting that “it might be arguable that developers assume some level of responsibility to ensure that they take reasonable care not to harm the interests of users” by taking active malicious steps compromising the security of the Network. Even further, she suggested that developers may be under a duty to address bugs or other defects on their Network. As there were no such allegations in this case, Mrs Justice Falk did not consider these further.
While the case was the first of its kind to consider the roles and potential duties of cryptocurrency software developers, we suggest that readers should avoid making broad conclusions based on the judgment. The Court did not rule directly on the general existence of fiduciary duties or common law duties in a digital asset Network, but merely reiterated the ‘high bar’ which exists to establish the existence of certain fiduciary and/or tortious duties.
The topic of cryptocurrency is in no doubt attractive and some may hail this decision as “landmark” in potentially absolving crypto software developers from owing a duty of care. However, this analysis would over-reach, we believe, as this case was an interlocutory hearing and the outcome turned on specific facts rather than any re-interpretation of the law. The Court rejected the notion that software developers and/or software controllers of blockchain tools could owe a duty to protect Network users by allowing them to re-establish access to digital assets when their private keys are lost.
Nevertheless, the Court did make significant obiter comments (i.e. observations in passing) which may suggest that its findings could have been different in other circumstances. These may provide some encouragement for potential claimants looking to pursue developers for failings such as malicious or negligent security threats to their networks, breach of anonymity or the operations of the “proof of work”.
The full High Court judgment can be found here.