17 May 2022 | 6 minute read

Tulip Trading: Developers' Duties

In Tulip Trading Limited v Bitcoin Association (for BSV and others)[1], the English court considered whether software developers and controllers in respect of digital asset networks (the Networks) owe a duty of care to the holders of cryptocurrencies reliant on their software.

Tulip Trading Limited (TTL) lost access to its Bitcoin following a third-party hack. TTL claimed that the Defendants owed it a duty of care to assist TTL in regaining control over and use of its lost Bitcoin by implementing a software “patch”. The Court rejected that argument and held that open source developers or controllers of blockchain software do not owe a duty of care to take positive steps to re-establish access to stolen digital assets.

In this article, we consider the key aspects of the Court's decision, and the implications for software developers and controllers.

Background

TTL is a Seychelles incorporated holding company whose CEO is Dr Craig Wright. Dr Wright has garnered a wide array of publicity for making (disputed) claims that he is Satoshi Nakamoto, the author of the Bitcoin White Paper and the creator of Bitcoin.

Dr Wright claimed TTL owned £3 billion of Bitcoin, which he accessed and controlled from his private computer system in England. Hackers accessed his computer in February 2020 and removed Dr Wright's secure private keys[2]. This resulted in TTL being unable to access its Bitcoin.

TTL sought a declaration that it owned the lost assets and an order requiring the Defendants to take reasonable steps to ensure TTL was provided with access to them, or for equitable compensation or damages.

The Question of Jurisdiction

The Defendants were all outside the jurisdiction. Therefore, TTL was required to, and did, obtain permission to serve the claim out of the jurisdiction. Following service, the majority of the Defendants challenged the jurisdiction of the Court. To be successful in their challenge, the Defendants had to show that the claim failed to meet one or more of the following criteria:

  • There was a serious issue to be tried on the merits of the claim;
  • There was a good arguable case that the claim fell within one or more of the jurisdictional gateways; or
  • In all the circumstances, England was the appropriate forum and the Court should exercise its discretion to permit service out of the jurisdiction.

In considering each of these, the Court overturned the permission to serve out on the basis that TTL’s claim did not meet the first limb of the test; i.e. the Court found that there was no serious issue to be tried on the merits of the claim. The Defendants overcame a high threshold, with the Court concluding that TTL had no realistic prospect of establishing that the facts pleaded demonstrated a breach of fiduciary and/or tortious duty owed by the Defendants.

The Court’s Decision

On the issue of whether a fiduciary duty was owed, the Court ruled in favour of the Defendants on the basis that the developers were a “fluctuating body of individuals” and it “could not realistically be argued that they owe continuing obligations” to carry out software updates whenever owners of relevant digital assets require.

The defining characteristic of a fiduciary relationship is the obligation of undivided loyalty; however, in taking steps to benefit TTL alone, the Defendants could disadvantage other members of the Networks. In any event, while such fiduciary relationships are subject to positive duties, what was being requested by TTL was beyond the scope typically imposed on fiduciaries and would expose the developers to risks on their own account (for example, from a rival claimant to the relevant Bitcoin).

In relation to the alleged tortious duties, the Court found that the Defendants owed no duty of care to TTL. Notably, TTL’s loss in this case was purely economic. Therefore, no duty could arise unless a special relationship existed between TTL and the Defendants, and in this case it was not arguable that one did.

The Court considered the practical implications if it were to find in favour of TTL. The potential class of persons to whom any such duty would be owed would be unknown and potentially unlimited, with the result that there would be no definitive restriction on the number of claims that could be advanced against the developers by persons alleging loss of assets or keys. The duty contended for by TTL would require the Defendants to investigate and take steps to address claims by any individuals professing to have lost their private keys. Due to the anonymity present in the system and function of cryptoassets, such investigation would be extremely time consuming, costly and difficult to conduct.

In contrast, Bitcoin owners themselves have significantly more control over their digital assets and could take reasonable steps to protect themselves against the loss of their private keys, for example by storing the private keys on backup drives or protecting themselves with insurance.

The Court also noted that developers are a fluctuating body of individuals and that even if the Defendants currently had control of the Networks, it would be difficult to see how there could be any basis for imposing an obligation which would require them to remain involved and make changes when required by asset owners in circumstances where they had not provided any commitment or assurance that they would do so.

The Court therefore considered that imposing such a duty of care could not be considered to be an equitable extension of the law, particularly given the loss was purely economic, and cannot realistically be argued to be fair, just, and reasonable.

Could Duties Ever Arise?

While the Court did not find any duties had arisen between the software developers and TTL in this case, it did recognise that software developers may be under other, more limited, duties in certain circumstances.

One such instance is where they must take reasonable care not to harm the interests of users when making software changes, for example by introducing a malicious bug or compromising the security of a network. Further, where developers have control over a network, it is conceivable that some duty might be imposed to address bugs or other defects that arise in the course of the operation of the system which threaten its operation.

As the digital revolution continues apace, the competing interests of developers of software and those who use it will continue to give rise to issues for the English Courts to consider and decide. The scope of duties owed by developers and controllers is certain to continue to be a contested one before the Courts, and the boundaries of such duties remain to be seen.


[1] [2022] EWHC 667 (Ch).
[2] Private keys are used to create digital signatures that can easily be verified, without revealing the identity of the private key owner. They are also used in cryptocurrency transactions in order to show ownership of a blockchain address.