Left to their own devices: No duty arises between cryptoasset software developers / controllers and cryptoasset owners
8 min read
In Tulip Trading Limited v Bitcoin Association for BSV,1 the High Court summarily dismissed Tulip's claim against certain bitcoin software developers and controllers. In doing so, the Court held that cryptoasset software developers and controllers owe neither fiduciary duties nor a common law duty of care to owners, and have no obligation to assist owners in accessing their cryptoassets should control over them be lost.
Tulip Trading Limited ("Tulip"), a Seychelles company owned by Dr Craig Wright (who claims to be the identity behind the pseudonym Satoshi Nakamoto and the creator of the bitcoin cryptocurrency) claimed that in February 2020 the private keys that provided control and access to approximately £3 billion in cryptoassets on the BSV, BTC, BCH and BCH ABC networks (the "Cryptoassets") were removed from Dr Wright's computer by hackers. Without these private keys, Tulip was unable to access its Cryptoassets.
Tulip claimed that 16 developers, who developed and controlled the relevant software2 (the "Developers"), owed Tulip a fiduciary duty and/or tortious duty of care, such that the Developers were obliged to assist Tulip in regaining control and use of the Cryptoassets. Specifically, Tulip sought a declaration that it owned the Cryptoassets, coupled with orders requiring the Developers to take reasonable steps to ensure it had access to the Cryptoassets (or at least take steps to ensure that effect is not given to the fraud). In this respect, Tulip contended that the Developers had the ability to write a software "patch" to amend the underlying software to permit Tulip to regain control of its Cryptoassets.3
The Developers were not present in England and so Tulip required permission to serve the proceedings on them. In May 2021, Tulip obtained permission to do so on an ex parte basis. The Developers4 subsequently contested permission to serve out and sought to set aside the original order.
The High Court's Decision
When considering whether to exercise its discretion to permit service of the proceedings out of the jurisdiction, the Court needed to consider whether there was a serious issue to be tried, i.e., whether Tulip had a real prospect of success in establishing that the Developers owed it a fiduciary duty or common law duty of care.5
In considering whether a fiduciary duty was owed, the Court's starting point was Bristol and West Building Society v Mothew,6 in which Millett LJ stated that a fiduciary is: "someone who has undertaken to act for or on behalf of another in a particular matter in circumstances which give rise to a relationship of trust and confidence. The distinguishing obligation of a fiduciary is the obligation of loyalty. The principal is entitled to the single-minded loyalty of his fiduciary." A fiduciary relationship gives rise to what has been termed ‘a legitimate expectation' that the fiduciary will not use their position in a way that is adverse to the interests of the principal.7
Tulip argued, among other things, that:
- the Developers had "complete power over the system through which (highly valuable) digital assets are held"; 8
- owners of digital assets, including Tulip, entrusted the care of their property to the Developers and were consequently vulnerable to possible abuse by the Developers who controlled the system; and
- the Developers had the power to amend the relevant software, including to allow owners to recover control of their assets or to stop or (effectively) reverse a fraudulent transaction, whereas owners had no such power. Without the private key, owners had no means of controlling their assets or, in practice, obtaining redress against any fraud.
As such, Tulip contended that the above circumstances gave rise to a fiduciary relationship between the Developers and the owners of digital assets.
Mrs Justice Falk dismissed this argument, holding that while an imbalance of power, together with vulnerability to abuse of such power, is often a feature of fiduciary relationships, it is not a defining characteristic and is certainly not a sufficient condition for the existence of the duty. Further, on the question of entrustment of property, Falk J did not consider that bitcoin owners could realistically be described as entrusting property to a "fluctuating, and unidentified, body of developers of the software" in the way Tulip claimed.9
Instead, the Judge held that the distinguishing feature, or defining characteristic, of a fiduciary relationship is "the obligation of undivided loyalty".10 In this regard, Tulip accepted that it was a necessary part of its case that the underlying relationship between the Developers and bitcoin owners generally was of a fiduciary quality, yet the steps that Tulip sought to require the Developers to take to "patch" the relevant software would be solely for Tulip's benefit, and not for the benefit of users generally. Further, those steps could in fact prejudice other bitcoin owners with certain expectations regarding the operation of the software; for example, the expectation that digital assets can only be transferred by the use of private keys, the efficacy of the "proof of work" processes on the blockchain, and anonymity.
In support of its position that the Developers owed it a common law duty of care, Tulip argued that:
- the duty contended for would be a novel, but permissible, incremental extension of the law (in line with recent guidance from the Supreme Court);11
- a special relationship existed between owners of cryptoassets and developers because of the developers' assumption of control over the networks; and
- there were strong public policy reasons for upholding a duty so that developers could not act (or fail to act) in a way that would have the effect of depriving owners of their digital assets
Tulip further contended that the Developers were in breach of this duty of care by: (i) failing to include in the software means to allow those who have lost their private keys or had them stolen to access their cryptoassets; (ii) failing to include sufficient safeguards against wrongdoing by third parties; and (iii) failing to take steps to give Tulip access to and/or control of its cryptoassets, or otherwise protect Tulip against fraud or allow Tulip to seek to put right any fraud that occurs in the future.
In considering the existence of the tortious duty contended for by Tulip, the Court observed that:
- as the loss suffered was purely economic, a special relationship was required,12 otherwise no common law duty of care could arise. The Court found no such special relationship existed in the circumstances of this case;
- Tulip's complaints were in relation to a failure to act, but there is no general duty to protect others from harm, and the law generally imposes no duty of care to prevent third parties causing loss or damage, or for injury or damage caused by a third party; and
- the class to whom the duty would be owed to would be "unknown and potentially unlimited", with "no real restriction on the number of claims that could be advanced against the [Developers] by persons who had allegedly lost their private keys or had them stolen". 13
Falk J therefore found that the tortious duty of care contended for by Tulip did not exist. In doing so, Falk J rejected Tulip's argument that the imposition of a duty of care in these circumstances could be treated as an incremental extension of the law. This was particularly so given the loss alleged was economic.14
In light of the decision that there was no serious issue to be tried, the Court set aside the order permitting service of the proceedings on the Developers out of the jurisdiction and set aside service of Tulip's claim form.
Tulip Trading is the first decision that considers the duties owed by cryptoasset software developers and controllers to owners. While in this case the Court refused to impose the duties Tulip contended for, the Court did suggest obiter that, in some circumstances, it may be arguable that a duty arises. It might, for example, be arguable that when making software changes, developers assume some level of responsibility to ensure that they take reasonable care not to harm the interests of users (e.g. by doing something that compromised security).15
In Tulip Trading, the Court navigated the application of existing legal principles to a novel situation involving digital assets. The Law Commission has been asked by the UK Government to make recommendations for reform to ensure that the law is capable of accommodating digital assets, including cryptoassets, in a way that allows the technology to flourish. This includes consideration by the Commission of legal remedies or actions for the protection of digital assets, and competing claims in relation to digital assets.16 Pending any legislative or regulatory changes, the Court will need to continue to apply existing legal principles to novel situations as it did in Tulip Trading.
1  EWHC 667 (Ch).
2 i.e., the software underpinning the BSV, BTC, BCH and BCH ABC networks.
3 Tulip also claimed equitable compensation or damages in the alternative.
4 Save for the First, Thirteenth and Fourteenth Defendants, for the reasons given in paragraph 8 of the judgment.
5 Other factors to be considered were whether there was a ‘good arguable case' that the claim fell within one or more of the jurisdictional "gateways" permitting service out of the jurisdiction under Practice Direction 6B; and whether England was the appropriate forum for the trial.
6  Ch 1.
7 Arklow Investments Ltd v Maclean  1 WLR 594.
8 Tulip Trading .
9 Tulip Trading .
10 Tulip Trading .
11 See Tulip Trading  and .
12 Murphy v Brentwood  1 AC 398.
13 Tulip Trading .
14 Tulip Trading .
15 Tulip Trading .
16 See the Law Commission's Digital Assets Interim Update, available here
Emma Thatcher (Senior Professional Support Lawyer, White & Case, London) and Isabella Conceicao Silva (Trainee Solicitor, White & Case, London) co-authored this publication.
This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2022 White & Case LLP