Permission to appeal this decision has now been granted by the Court of Appeal – see our update here.
Last week, the English High Court held that a claim aimed at imposing a legal duty on Bitcoin developers to re-instate access to those who have lost or had their private wallet keys stolen had no real prospect of success. The finding was made in the context of a successful jurisdiction challenge launched by certain defendants to a claim brought in England by Tulip Trading Limited, a Seychelles-based company (Tulip Trading Ltd v Bitcoin Association for BSV & others [2022] EWHC 667 (Ch)).
Background
Tulip is beneficially owned by Dr Craig Wright and his family. Dr Wright, an Australian national resident in the UK, claims that he is Satoshi Nakamoto, the pseudonymous developer of Bitcoin.
Tulip maintains that it is the owner of Bitcoin valued at over £3 billion held in two addresses on four Bitcoin networks (the Bitcoin Satoshi Vision network, the Bitcoin Core network, the Bitcoin Cash network, and the Bitcoin Cash ABC network). Tulip claims it cannot access these funds because it lost the private keys associated with the addresses after a hack was committed against it.
In an attempt to re-gain access to the funds, Tulip brought claims against 16 individual Bitcoin software developers, who it alleges are the core developers or individuals in control of the four Bitcoin networks. Tulip argues that the developers owe it fiduciary duties, including a duty to make systemic changes to the software to reinstate Tulip's access and control over the Bitcoin held on the networks.
Tulip also argues that the developers owe a tortious duty of care to provide those who have lost their private keys with means to access their Bitcoin, and general duties to protect cryptocurrency owners from fraud, including by ensuring there are sufficient safeguards to protect against wrongdoing. Analogies are drawn with the Quincecare duty, which requires banks to exercise reasonable care and skill in executing a customer's instructions. That duty arises where there are reasonable grounds for believing that the instructions may be an attempt to misappropriate the customer's funds.
The issue before the Judge was whether the English court has jurisdiction to hear the claims against the relevant defendants, all of whom are resident outside of the English jurisdiction. As part of the legal test on jurisdiction, the Court had to consider whether the claim by Tulip amounted to a serious issue to be tried, with a real (as opposed to fanciful) prospect of success.
Judgment
The Judge held that it is not seriously arguable that the defendants owe fiduciary or tortious duties of care to Tulip. In relation to the former, the Judge noted that the distinguishing feature of a fiduciary relationship (such as that of a solicitor-client or director-company) is the obligation of undivided loyalty. An obligation of undivided loyalty could not be said to arise between the developers and Tulip, who is simply one of the many users of the Bitcoin networks. Likewise, the Judge held there is no special relationship between the developers and Tulip from which a tortious duty of care would arise. Unlike in the Quincecare duty scenario, there was not even a contractual relationship between the developers and Tulip (as with a customer and a bank).
The Judge noted that Tulip seeks relief solely for its own benefit in circumstances where the relief sought would require systemic software changes to the bitcoin networks generally. The Judge held that other users may not agree that a systemic change, which would allow digital assets to be accessed and controlled without the associated private keys, would be for their benefit as a whole, as this could be contrary to their understanding of how the system is intended to operate.
The Judge found it arguable that developers assume a level of responsibility to take reasonable care to not actively harm the interests of users, such as by introducing a malicious feature, but this could not be said to extend to an active duty to alter their systems to remedy harm caused by a third party (namely the hacker who allegedly stole Tulip's private keys).
Discussion
As the popularity (and value) of cryptocurrencies has risen in recent years, so too has the number of cryptocurrency-related frauds. The claim brought by Tulip highlights the frustration felt by Bitcoin owners who have lost or had their private wallet keys stolen.
The decision in Tulip will be welcomed by the defendants and software developers behind cryptocurrency networks and systems more generally. The imposition of a novel duty of care owed by open-source developers to the ever-shifting and anonymous body of end-users is likely to have had a significant impact on how those systems function and operate.
This does not mean that victims of cryptocurrency-related fraud have no means of redress. In the Tulip case, the majority of the Bitcoin remains untouched in the wallet addresses connected to the private keys allegedly stolen. One of the defining features of Bitcoin is that it is highly traceable. If those funds are transferred, details of the transaction, and the destination address(es), are likely to be publicly available.
Our fraud lawyers have experience of assisting clients who have had their cryptocurrencies stolen and dissipated through sophisticated laundering schemes. We work closely with investigators to trace misappropriated crypto assets, including by using cutting edge blockchain analytics tools, and have a successful track record of moving swiftly to obtain a combination of disclosure and freezing orders to identify the perpetrators of fraud and recover stolen crypto assets.