News and Publications

More digital asset litigation: Court of Appeal to analyse the potential duties of blockchain developers

Posted: 31/08/2022

The judgment of the English High Court in March 2022 in Tulip Trading Limited -v- Bitcoin Association for Bitcoin SV (BSV) & Others was a seminal decision in the arena of digital assets. The judgment of Mrs Justice Falk provided comfort to blockchain developers that they are not accountable to users of their software who are victims of a hack.

That comfort will have been shaken, however, following the Court of Appeal granting permission for Tulip Trading to appeal Mrs Justice Falk’s decision. In granting such permission, Lady Justice Andrews held that the issue of whether developers owe a legal duty to the owners of digital assets and, if they do, the nature and scope of those duties, is one of ‘considerable importance and is rightly characterised as a matter of some complexity and difficulty’.

This article analyses the ongoing litigation, and considers what the future holds for the law relating to digital assets.

Background facts

The claimant, Tulip Trading Limited (Tulip), is a company registered in the Seychelles. Its CEO is Dr Craig Wright, who claims to be Satoshi Nakamoto, the creator of Bitcoin. Tulip claims that the 16 defendants, all of whom are based outside the jurisdiction, are the core developers of, and/or control, software relating to four digital asset networks.

It was averred by Tulip that it owned digital assets worth over £3 billion at two addresses on the networks. Dr Wright, via Tulip, claimed that, in February 2020, he discovered a hack of his personal computer which had led to bitcoin, then worth £1.1 million, being taken from his wallet. Although the hack was reported to the police, there was no evidence that any progress had been made in identifying the hackers.

In April 2021, Tulip filed its claim at court together with an application to serve its claim on the defendants outside the jurisdiction. Tulip claimed that the defendants owed it fiduciary and/or tortious duties to assist it in regaining control of the stolen bitcoin. Tulip sought an order requiring the defendants to take positive steps to ensure that it could access and control its assets or receive financial compensation for its losses.

In May 2021, the High Court made an order granting permission for the claim to be served on all of the defendants outside the jurisdiction and, in some cases, via e-mail. In response, several of the defendants made an application which challenged the jurisdiction of the English court to make that order. In doing so, the defendants adopted the position that, to the extent they were involved in the software development for the networks, they were merely part of a large and shifting group of contributors.

A key part of the defendants’ case was that these contributors had no organisation or structure; ie, they were ‘decentralised’ and no party had significant control over the networks. The defendants also challenged Dr Wright’s evidence that Tulip was, in fact, the owner of the bitcoin.

The High Court’s decision

Mrs Justice Falk found resoundingly in the defendants’ favour. She held that the test for serving the claim out of the jurisdiction had not been satisfied as Tulip had no realistic prospect of establishing that the defendants owed it any duty of care for the assets stored on the networks. The judge’s key findings are summarised below.

Was there a serious issue to be tried?
In this regard, the judge agreed with Tulip. She decided that the issues of whether Tulip was the owner of the bitcoin and whether the hack had occurred were serious issues to be tried.

Having made this finding, the judge had to then consider whether Tulip had reasonable prospects of success in its claims.

The fiduciary claim
It was held that Tulip’s case that the defendants owed it a fiduciary duty to take steps so that it could regain control of the assets was not seriously arguable.

It was deemed inappropriate to impose a fiduciary relationship between the defendants and the users of the network as this would result in the defendants owing duties to all owners of digital assets on the networks (this being a floodgate argument). Those users were an anonymous and fluctuating class with whom the defendants had no direct communications and no contractual relationships.

The foundation of Tulip’s case was that it had ‘entrusted’ its property to the defendants. Again, it was held that it was incorrect to say that bitcoin owners were entrusting property to a shifting and unidentified group of software developers.

Further, Mrs Justice Falk reminded the parties that a key feature of fiduciary relationships is an undivided loyalty between the alleged fiduciary - the defendants in this case - and the beneficiary, Tulip. As part of its case, Tulip was forced to concede that the steps it wanted the defendants to take (ie the release of a patch so it could regain control of its assets) would be for Tulip’s benefit alone and not for all users of the networks.

In these circumstances, there was a risk that giving Tulip what it wanted would not be consistent with the defendants’ duty of single-minded loyalty that, should a fiduciary relationship be established, it would owe to the other users of the networks.

Accordingly, Mrs Justice Falk held that there was no realistic basis for concluding that a fiduciary duty existed in favour of Tulip or that any such duty had been breached.

The tortious claim
Tulip acknowledged that its claim of a duty owed in tort was ‘novel’ but argued that the court should recognise a duty owed to the owners of bitcoin by developers who can assist them in recovering their stolen assets.

The court accepted that it might be arguable that developers had some responsibility to not harm the interests of asset owners. Also, if the defendants did, in fact, control the networks then they might have some form of duty to address bugs or other defects that affect the system.

However, the complaint in this case was that the defendants had failed to act in assisting Tulip in recovering its assets by making changes to how the networks operated. The allegation was not that the defendants had failed to fix a known defect. There was also no suggestion that any of the defendants had any involvement with the alleged hack or that they had increased the harm suffered by Tulip. Once again, the court noted that the class of persons to whom the defendant would owe duties would be unknown and potentially limitless.

As such, it was decided that the imposition of a tortious duty of care would not be an ‘incremental extension’ of the existing law and, given its unlimited nature, would not be fair, just or reasonable.

The disclaimer
An interesting sideshow in the judgment was the consideration of a disclaimer of liability upon which some of the defendants relied. The disclaimer stated that: ‘In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.’

Mrs Justice Falk did not consider this wording to be sufficiently clear so that the controllers of the relevant network assumed ‘no responsibility for any aspect of its operation’. It will be interesting to see what the Court of Appeal makes of the disclaimer as part of its analysis of whether a duty of care is owed to Tulip.   

The significance of public policy
Tulip tried to argue that the case dealt with several issues of public importance that should be explored fully at trial. Although the court accepted that important issues were in play, this could not lead to duties of care existing that the court had already decided were not arguable. In essence, the court could not look past the fact that it had decided that Tulip did not have reasonable prospects of success with its claims.

Notably, the court referred to the Law Commission’s ongoing project into potential law reforms regarding the recognition and protection of digital assets. It was remarked that the development of the law in a way that might assist Tulip was something that the Law Commission and, potentially, Parliament might consider in the future.

Other issues
Although it was unnecessary to do so given that the defendants were found to owe no duty of care to Tulip, the court briefly considered other procedural matters.

After considering a number of ‘jurisdictional gateways’, the court confirmed that it would have permitted Tulip to serve its claim outside the jurisdiction. In doing so the court found that:

  • The stolen bitcoin had been located in the jurisdiction. In deciding this, the key issue was not, as the defendants claimed, where Tulip was resident or domiciled. Instead, the court considered, among other matters, the ‘location of control’ of the digital asset to be the most relevant factor[1].
  • In any event, if it were necessary, the court would have found that Tulip was resident in the jurisdiction despite being a Seychelles registered company. This was because:
    • Dr Wright had the ability to control the digital assets from the jurisdiction (although he had, in fact, opted not to access them for many years before the hack).
    • Dr Wright had never been to the Seychelles.
    • Tulip kept no books or records in the Seychelles and had never filed accounts in the Seychelles either.
  • The bitcoin could and would have been controlled from England and, therefore, the damage would be suffered by Tulip within the jurisdiction. This was notwithstanding that the digital assets could be accessed from anywhere and not just England.

Finally, the court also held that, if there had been claims with reasonable prospects of success, England would have been the proper forum for the trial of those claims. This was because Tulip and Dr Wright were resident in the jurisdiction; the assets were located in the jurisdiction; that is where the harm had been suffered; and the claim would have been subject to English law. Conversely, the defendants were based in a number of different jurisdictions including the US, the Netherlands, Switzerland, France, Japan, New Zealand and Australia.

What next?

This case is part of the upwards trend of digital assets as the subject of litigation in England and Wales. We have already seen the judgment from July 2022 which permitted service of legal documents via non-fungible token airdrop. Decisions in this arena will become more common as the ownership of digital assets becomes more prevalent.

Tulip will no doubt be encouraged by the Court of Appeal’s decision that the question of whether developers owe duties of care should not have been dealt with summarily and requires re-examination. Meanwhile, the need for reform in the sector is becoming progressively scrutinised, as evidenced by the ongoing Law Commission report, the scope of which was increased in November 2021. However, if and when any legislation will actually come into force is another matter.

What is on the cards is a change in the near future to the procedural rules about service of certain claims outside the jurisdiction. The claims in question are those seeking disclosure of information regarding the identity of potential defendants or the location of a claimant’s property.

The intention is to permit claims limited to ascertaining this information to be served outside the jurisdiction without the need for a claimant to clear hurdles such as the location of assets or where the alleged harm was suffered. Once enacted, this development will hopefully allow the owners of digital assets who are the victims of fraud to identify the fraudsters and locate their property more swiftly and at less expense. They will then be able to decide whether to commit to full-blown proceedings to try to recover their stolen assets.

In the meantime, it is unclear when the Court of Appeal will make its ultimate decision on Tulip’s appeal. Until then, investors, developers and legal practitioners alike will continue to wait with bated breath.


[1] In this respect the court was persuaded by the findings contained in the Legal Statement on Cryptoassets and Smart Contracts published by the UK Jurisdiction Taskforce in November 2019 (paragraph 99).

Arrow GIFReturn to news headlines

Penningtons Manches Cooper LLP

Penningtons Manches Cooper LLP is a limited liability partnership registered in England and Wales with registered number OC311575 and is authorised and regulated by the Solicitors Regulation Authority under number 419867.

Penningtons Manches Cooper LLP