Do cryptocurrency software developers owe a duty of care to investors?
This article was first published in Tech+, a newsletter from our tech and innovation team designed to help readers unpack complex topics in the tech space and keep up-to-date with the changes across this rapidly evolving sector. Be the first to receive the next edition and subscribe here.
In December 2022, the Court of Appeal was asked to consider whether cryptocurrency software developers owe a duty of care to investors in the landmark case of Tulip Trading Ltd v Wladimir Jasper van der Laan & ors. The Court of Appeal’s judgment, which is expected in early 2023, could define the existence and scope of duties that software developers owe to cryptocurrency investors and potentially give victims of cryptocurrency fraud another means of recovering their stolen assets.
What is the claim about?
Tulip Trading Ltd (TTL) sued 16 blockchain developers (Defendants) who allegedly develop or control the software in four digital asset networks (Networks) in the English High Court,. TTL is the owner of over £3 billion of digital assets at two addresses on the Networks. TTL’s digital assets were stolen after computer hackers removed its private keys from its CEO’s home computers.
TTL claimed that the Defendants had breached its fiduciary and / or tortious duties to TTL to take reasonable steps to ensure that TTL regains control of its assets and that the court should order those steps to be taken or otherwise order the Defendants to pay TTL equitable compensation or damages.
The Defendants’ fiduciary duties to investors are said to arise from the significant imbalance of power between cryptocurrency developers and investors. In particular, TTL argued that:
- software developers have complete control of the blockchain software through which highly valuable digital assets are held, whereas investors have no control over their digital assets other than the ability to use private keys;
- investors entrust cryptocurrency developers with care of their assets and are vulnerable to abuse by developers; and
- developers can amend the protocol to allow investors to recover control of their assets or to stop or reverse a fraudulent transaction, whereas investors have no such power and no means of obtaining redress against fraud.
TTL argued that the Defendants could enable TTL to regain control of its digital assets by implementing a software ‘patch’ in the computer code operating the relevant Network which would either transfer TTL’s assets to a new address and issue TTL with a new private key, or would make TTL’s assets accessible at their existing addresses by issuing TTL with replacement private keys.
TTL argued that there was a special relationship between cryptocurrency developers and investors giving rise to a tortious duty of care ‘to include in the software means to allow those who have lost their private keys or had them stolen to access their bitcoin’, ‘to include sufficient safeguards against wrongdoing by third parties’ and to assist investors in regaining control of their assets.
What did the High Court need to consider?
As none of the Defendants are based in England, they challenged the court’s decision to permit TTL to serve its claim on the parties out of the jurisdiction, arguing that there was no serious issue to be tried on the merits of the claim. In particular they argued that they do not have control of the Networks, and that no fiduciary and / or tortious duties have arisen, because:
- the software developers are part of a very large and shifting group of contributors without an organisation or structure;
- any software ‘patch’ that they proposed would be ineffective because miners would refuse to run it and would instead run earlier versions of the software; and
- what TTL seeks is inconsistent with the core values of bitcoin as a concept.
What was the High Court’s decision?
In March 2022, the High Court rejected TTL’s case that the existence of fiduciary and / or tortious duties owed by the Defendants were serious issues to be tried.
- The court acknowledged that an imbalance of power and vulnerability to abuse of power are often a feature of fiduciary relationships but held that a power imbalance is not sufficient for the existence of a fiduciary duty.
- The court acknowledged that digital asset holders would have certain expectations of software developers about the security of the Network and private keys, the efficacy of the ‘proof of work’ processes and anonymity. However, the court held that this did not require the developers to act with ‘single-minded loyalty’, which is central to any fiduciary relationship, or to remain as developers of the Networks and make future updates whenever it might be in the owners’ interests to do so.
- The court also held that that, if any relationship of trust and confidence did exist, there ‘must be a real risk that acceding to TTL’s demands would not be consistent with a duty of single-minded loyalty owed to other users’, such as rival claimants to the assets.
- The court acknowledged that it might be arguable that ‘when making software changes, developers assume some level of responsibility to ensure that they take reasonable care not to harm the interests of users’ and ‘to address bugs or other defects that arise in the course of operation of the system’. However, the court did not consider that that amounted to a special relationship giving rise to a tortious duty of care.
- Moreover, the court held that a duty to ‘alter how the system works to ensure that TTL regains control of the bitcoin following harm allegedly caused by a third party’ could not be treated as an ‘incremental extension of the law’, particularly bearing in mind that the loss was purely economic. The potential class of persons to whom the alleged duty was owed was ‘unknown and potentially unlimited’ and would mean that the ‘Defendants would be obliged to investigate and address any claim that a person had lost their private keys or had them stolen’.
Where are we now?
This is the first case where an English court has had to consider the role and duties of cryptocurrency software developers.
On 10 June 2022, Bitcoin Associate for BSV, one of the Defendants, issued a press release confirming that it had reached a settlement with TTL that it would release software which would allow miners to freeze coins which have been proven to be lost or stolen, so that they may be returned to their rightful owner.
On 11 August 2022, Lady Justice Andrews granted TTL permission to appeal the High Court’s decision that TTL had not established a serious issue to be tried. Lady Justice Andrews recognised that the question of whether the developers owe tortious and /or fiduciary duties to the owners of digital assets ‘is one of considerable importance and is rightly characterised as a matter of some complexity and difficulty’, which is ‘not susceptible of summary determination in the context of a challenge to the jurisdiction’.
If the Court of Appeal decides that there are serious issues to be tried, the case will be remitted back to the High Court to decide whether and to what extent the Defendants owed TTL tortious and /or fiduciary duties to help TTL regain control of its digital assets. With cryptocurrency fraud on the rise, the court’s decision on the existence and extent of any duties owed by software developers to cryptocurrency investors could have significant ramifications across the industry. Updates will be provided as the case progresses so watch this space