Appeal Court rules that cryptocurrency owner can pursue its claim that software developers owe it a duty to recover stolen bitcoin

This article was first published in Tech+, a newsletter from our tech and innovation team designed to help readers unpack complex topics in the tech space and keep up-to-date with the changes across this rapidly evolving sector. Be the first to receive the next edition and subscribe here.

As we reported recently in Tulip Trading Ltd v Wladimir Jasper van der Laan & ors., the English High Court held that there was no realistic prospect of establishing that software developers of cryptocurrency networks owed legal duties to the owner of stolen cryptocurrency to help them recover their property. This decision was made at a very early stage of the dispute and the claimant, Tulip Trading, appealed that ruling. Crucially, on 3 February 2023, the Court of Appeal decided that there is a serious issue be tried as to whether developers of cryptocurrency networks owe owners of cryptocurrency legal duties to help them protect and recover any stolen cryptocurrency.

Key aspects of the Court of Appeal’s decision

Lord Justice Birss gave the main judgment which was approved by his fellow judges. There are some interesting points to note from the Court of Appeal’s decision.

• The Court of Appeal held that it is ‘clearly arguable’ that developers have ‘undertaken a role which at least bears some relationship to the interests of…owners of bitcoins’ and which gives rise to fiduciary duties. The Court applied the analysis in Bristol and West Building Society v Mothew [1996] EWCA Civ 533 that a fiduciary’s role involves undertaking to act for another person in a particular matter where there is a relationship of trust and confidence.
• The Court of Appeal held that the categories of fiduciaries are not closed and that software developers of a given network are a ‘sufficiently well-defined group to be capable of being subject to fiduciary duties’. Tulip had argued that the software developers had complete control of the blockchain software and had the ability to implement software patches which would enable cryptocurrency owners to recover their stolen cryptocurrency. This supported Tulip’s claim that a relationship of trust and confidence existed between investors and the developers which caused the developers to owe fiduciary duties to investors. The developers said that, in reality, the network was ‘decentralised’, as they were part of ‘a very large, and shifting, group of contributors without an organisation or structure’. The High Court’s decision appeared to accept the developers’ factual portrayal of the operation of bitcoin networks. Tulip strongly disputed that this was the case. On appeal, Birss LJ agreed that this ‘decentralisation’ argument by the developers could only be determined once the court has explored the full facts at trial.
• The Court of Appeal took into account Tulip’s amended claim that software developers are only under a duty to introduce a code update to transfer bitcoin to a safe address once the court has established that the true owner’s private key has been stolen. The High Court was initially concerned that, based on the way Tulip had originally argued its claim, developers ‘would be obliged to investigate and address any claim that a person had lost their private keys or had them stolen’. However, on appeal, Tulip made it clear that if its claim was allowed to progress as amended, it would progress on the premise that developers would only owe a legal duty to cryptocurrency owners once the court had identified the true owner of the currency and had ruled that their private key had been stolen.
• The Court of Appeal did not regard the fact that introducing a software update involves a positive step by developers as a sound basis for concluding that there was no realistic prospect establishing that the developers owe fiduciary duties to cryptocurrency owners. Birss LJ noted existing case law providing that fiduciaries can be required to carry out positive steps as well as negative steps and that the developers were already required to carry out the positive step of fixing bugs in the software. In that sense, Birss LJ held that it was realistic to say that bitcoin owners entrust their property in the software developers and that they have a ‘legitimate expectation’ that the developers will not exercise their authority in their own self-interest to the detriment of owners and that they will take positive steps in good faith in certain circumstances, such as to fix bugs in the software. Birss LJ held that, by the same logic, it was realistic to argue that the developers have a duty to introduce code so that an owner’s bitcoin can be transferred to safety.
• The Court of Appeal held that it is arguable that software developers owe a duty of ‘single-minded loyalty’ to bitcoin owners as a class and that acting for the benefit of one owner to restore their stolen property is not inconsistent with that duty. The software developers had argued that for fiduciary duties to arise, they would have to act with ‘single-minded loyalty’ to investors; if they were required to take steps to assist recovery of bitcoin for one investor, that would be inconsistent with a duty to act with single-minded loyalty to other investors that might have rival claims to the assets. However, Birss LJ considered that it was arguable that the software developers could owe bitcoin owners (as a class) a duty not to put their own commercial interests ahead of the bitcoin owners when considering whether to implement a change to the software. Whilst it is possible that the interests of individual bitcoin owners might diverge, he considered that any legal duty could be framed as a duty for the developers to act with good faith and take decisions to benefit the class as whole. He drew analogies with the fiduciary duties owed by trustees to a class of beneficiaries; sometimes trustees may take decisions which favour one beneficiary over the others, but that does not mean that they are not acting as fiduciaries provided such decisions are taken in good faith. So even in this case where a proposed software change benefits only one bitcoin owner by helping them to recover their stolen assets, this does not mean a decision to implement the software update is inconsistent with the fiduciary duties owed by the developers to all bitcoin owners.

Closing thoughts

The Court of Appeal has ruled that Tulip has an arguable case that software developers owe fiduciary duties to cryptocurrency owners and that Tulip’s claim should be determined at trial, once the court has considered the full facts and legal arguments. The case will therefore return to the High Court for a full trial which will likely take place in 2024.

This is the first case where an English court has had to consider the nature and scope of duties that software developers owe to cryptocurrency owners and the trial judgment could have significant ramifications for stakeholders, with the potential to require developers to implement a software patch to transfer stolen cryptocurrency to safety. For the time being, the cryptocurrency industry will have to wait a while longer for clarity on their legal rights and obligations, but it is clear that this case will be a critical one to watch in this complex and developing area.

To hear the latest from our Technology and Innovation team, subscribe to our Tech+ newsletter.