Interest in cryptocurrencies built up rapidly during the Covid-19 pandemic with many private investors looking for higher returns while interest rates in typically safe markets were low. Whether the current trend of newcomers to the market will continue in the short term remains to be seen with this month’s dramatic ‘crypto-meltdown’ even extending to wobbles in so-called ‘stablecoin’. Some commentators have heralded this as the death of crypto but seasoned crypto investors have weathered crypto-winters before and can see them as opportunities to re-set the industry.
In this context, public attention has turned to the volatility risk of cryptocurrencies but it is the difficulties of recovering lost or stolen cryptocurrency which were the focus of the English Court in Tulip Trading Ltd v Van der Laan & ors.
The underlying facts of Tulip Trading are:
- Tulip Trading Limited ('TTL') claims to own digital assets worth over £3 billion. However, it alleges that its computers were hacked and its private keys were removed, thereby leaving TTL unable to access or deal with its bitcoin.
- In an effort to try to recover its stolen bitcoin, TTL brought a claim against the developers and software controllers of the four digital asset networks (the 'Developers') on which the bitcoin was held. TTL sought alleged that the Developers owed fiduciary and/or tortious duties of care which required them to take all reasonable steps to provide TTL with access to and control of its lost bitcoin.
Fiduciaries duties
As Millet LJ stated in Bristol and West Building Society v Mothew:
'A fiduciary is someone who has undertaken to act for or on behalf of another in a particular matter in circumstances which give rise to a relationship of trust and confidence. The distinguishing obligation of a fiduciary is the obligation of loyalty. The principal is entitled to the single-minded loyalty of his fiduciary.'
Applying this test, Mrs Justice Falk found that:
- Whilst there was an alleged imbalance of power between bitcoin owners and developers, that was merely a 'feature of fiduciary relationships'. It was not a defining characteristic or sufficient to require the imposition of a fiduciary duty.
- Bitcoin owners could not be described as entrusting their property to the body of software developers, not least because the developers are a fluctuating body of individuals. Even if they currently control the networks, it is not reasonably arguable that they have assumed a responsibility to continue to do so.
- The creation of a system patch allowing TTL alone to recover control of its assets (rather than a systemic software change) appeared at odds with a duty of single minded loyalty to all of bitcoin owners, not least because it contrasts with the fundamental feature of the networks which is that digital assets are transferred only through the use of private keys.
- Imposing a duty of care on developers could leave them open to claims by rival bitcoin owners in other jurisdictions and there was no justification for imposing such a risk.
There was therefore no realistic basis for imposing a fiduciary duty on the Developers in favour of TTL, or for concluding that such a duty had been breached.
Tortious Duty of Care
TTL also claimed that the Developers had a tortious duty of care to the bitcoin owners which had been breached by the Developers failing to provide software which enabled the owners to recover lost or stolen private keys or to include sufficient safeguards against third parties.
Again, Mrs Justice Falk found against TTL holding that, as the loss suffered by TTL was purely an economic loss, there could be no common law duty of care without the Developers having assumed responsibility to protect the bitcoin owners from harm. Whilst the Developers might have assumed some responsibilities not to cause harm to the bitcoin owners (for example, by not introducing harmful bugs to the system), they could not be said to have a duty to make changes to the fundamental workings of the Networks so as to enable TTL or other bitcoin owners to access their assets.
In its arguments, TTL sought to compare the relationship between developers and bitcoin owners to the relationship between a bank and its customers. To many people, this might seem a sensible comparison given the nature of the underlying assets as a digital currency. However, it did not find favour with the Court which held that the bank/ customer duty of care could be distinguished as it stems from the contractual relationship between those parties and the fact that the bank acts as the customer’s agent in executing payment instructions. Further, implying a similar duty of care to the developer/ bitcoin owner relationship would not be fair, just or reasonable where:
- The potential class of claimants against developers is unlimited, such that there would be no real restriction on the number of claims that could be advanced by bitcoin owners who had allegedly lost their private keys or had them stolen.
- Implying a duty of care on developers to investigate and address any claims for lost or stolen keys would leave them with a very difficult task in practice given the anonymity of the system and potential for off-chain transactions.
- Developers are unlikely to be able to obtain insurance to protect themselves.
- The developers’ position as a fluctuating body of individuals again made it difficult to justify imposing an obligation on them which would require them to continue to be involved with the Networks, particularly where they had never given any previous commitment to do so.
Finally, whilst TTL stressed public policy considerations in protecting bitcoin owners, it was held that did not in itself justify imposing a common law duty of care on the developers.
Blockchain developers have welcomed the judgment as an example of the English Courts approaching digital assets in a way that will support the industry and allow the technology to flourish. On the other side of the (bit)coin, the decision underscores the risks for individuals and trustees holding cryptocurrencies.
Whilst the Court in this case declined to impose the duties TTL contended for, there has been willingness in other cases to enable the victims of cyberheists to use existing tools in innovative ways. Although, if the legal system is to keep pace with a disruptive and fast changing sector, new tools may need to be forged.
This article was first published in the May edition of Private Client Global Elite: The Month, on 19 May 2022.