The recent case of Tulip Trading Ltd v Bitcoin Association For BSV & Ors [2022] EWHC 667 (Ch) considered, amongst other things, the potential fiduciary duties owed to crypto owners by developers of crypto software. This judgment originated from an application from the Second to Twelfth, and Fifteenth and Sixteenth Defendants who challenged the jurisdiction of the Court. In this case, it was found that the Defendants did not owe a duty to help the Claimant recover its assets. At first glance, this seems like bad news for victims of crypto fraud. However, if you go beyond the substantive judgment and look at the judge’s obiter comments, the legal developments following the judgment (including the permission to appeal), and the details of the subsequent settlement of the claim, it is arguable that this judgment provides possible scope for an additional strategy for the recovery of crypto assets in the future.
Background
The Claimant, Tulip Trading Ltd, a company incorporated in the Seychelles, claimed to have owned $4.5bn (c.£3bn) in crypto on four different networks. The Defendants consisted of 16 core developers over these four networks. Due to a cyber-attack, the private keys to these assets were deleted and the Claimant had no alternative means of accessing the assets. The Defendants not only disputed the Claimant’s ownership of the assets, but also whether the hack occurred as the Claimant alleged.
The Claimant then brought a claim against the Defendants alleging, amongst other things, that they owed a fiduciary duty and a tortious duty that required them to create a software patch to restore access to the assets which were misappropriated. In the alternative, the Claimant claimed it was owed an equitable remedy in compensation for breach of those damages.
13 of the 16 Defendants applied for summary judgment to challenge the court’s jurisdiction as none were based in the jurisdiction.
Claim in Fiduciary Duty
The Claimant argued that the Defendants had significant control over the underlying blockchains, which, in their eyes, was tantamount to owing a fiduciary duty to the Claimant and this in turn required them to assist the Claimant in recovering the lost keys.
This argument was rejected for a number of reasons:
-
- The developers consisted of an ever shifting group of unidentified people on whom it would have been unrealistic to impose a duty of care; and
- A key characteristic of a fiduciary duty is that of “undivided loyalty”. However, the patch the Claimant was asking for was for its sole benefit rather than a general software change that would benefit other owners. In fact, such a patch might even disadvantage other users of the networks.
Claim in Negligence (Tort)
The Claimant also alleged that the Defendants not only had a duty to put sufficient safeguards in place against malicious third parties, but also to reinstate access to users when things went awry. Although the Claimant suffered pure economic loss (whereby in duty of care cases, a “special relationship” is required), it argued that a fiduciary relationship (that amounted to a special relationship) existed between the Claimant and the Defendant, the latter of whom voluntarily controlled the networks which housed the assets.
This too was rejected for a number of different reasons. It is interesting to note that at the heart of all these reasons was the sheer difficulty and risk of owing such a duty to users, and therefore would not have been fair, just or equitable to impose it:
-
- This particular duty would have required developers to investigate any claim by a user that their assets or private keys had been compromised and therefore any investigation would likely been met with little success due to the anonymous nature of the blockchain;
- The sheer number of crypto owners using the software (and therefore had a duty owed to them) would have been virtually limitless, thereby opening the developers to boundless liability; and
- The control by the developers was contrasted to the control of the users, who had more control over their assets and private keys and were in a better position to protect themselves against loss, but without the manifest burden.
Scope for Duty of Care in the Future
Although software developers can breathe a sigh of relief for now following this judgment, they should very much keep their eyes peeled for duties to be owed to users of their networks in the future. There are a few interesting reasons why:
-
- This is the first engagement by the English Courts on the duty owed by the developers of a blockchain network to crypto owners and by no means will be the last. As the law develops and other duties are alleged and tested in the Courts, there may be scope (however limited) for developers to owe a duty.
- Although Justice Falk found that this particular duty of creating a software patch did not exist, she made comments that developers could owe a duty of care to users in the future (though she expressed doubt that this duty could be characterised as fiduciary). For example, developers may be required to take reasonable care not to harm the interests of users or to address defects in their systems.
- Although the Defendants prevailed in this case, the Claimant was granted leave to appeal to the Court of Appeal. Due to this case’s complexity and difficulty of underlying facts, Lady Justice Andrews contended it was arguable with a real prospect of success and that Justice Falk erred in ruling that there was not even a serious issue to be tried. An appeal could be a more forensic look at the law beyond the brevity of a summary judgment, which in turn could lead to a different outcome than at first instance and potentially impose a duty on developers in the future.
- A subsequent settlement was announced between the Claimant and Bitcoin Association, the First Defendant. They agreed, amongst other things, that Bitcoin Association would release software that allows crypto miners to freeze transaction outputs and act on court orders. It is unclear if these software updates were in the works prior to the claim, but this does indicate that developers understand duties are on the horizon.
As such, victims of crypto fraud need not be disheartened by this judgment. It might be too much to expect an analogous relationship similar to banks and their customers in the crypto space. However, the developments in this matter indicate that the tide may well turn as we see an uptick of cases like these in the English courts and victims of crypto fraud may see further options for recovery.