Tulip - a cautionary tale. Do software developers owe a fiduciary duty to users of the code they write? (Tulip Trading v Van Der Laan and Others)
On 3 February 2023, the Court of Appeal in England ruled that the dispute between the Claimant, Tulip Trading Limited (“Tulip Trading”) and the Defendants, who are sixteen bitcoin developers involved with the development of blockchain software underlying digital currency assets (the “Developers”), should proceed to trial on the basis that the facts show there is a serious question to be tried. In doing so, the court decided that a claim against the Developers based on breach of their fiduciary or other duties to users of that technology was arguable on the facts.
It is important to appreciate that this decision is not determinative of the issue – it was a decision relating to an interim application to serve proceedings out of the jurisdiction because all of the Developers reside overseas. But, for the reasons set out below, it is of great interest to the blockchain and crypto asset communities.
The dispute relates to the question of whether fiduciary duties and duties in tort (in particular a duty of care) are owed by the Developers to those using the software they develop for holding and trading in cryptocurrencies. Tulip Trading claimed that it owned approximately $4 billion worth of Bitcoin, on a variety of networks run by the Developers. Tulip Trading claimed its access to that Bitcoin was lost (likely stolen) following a hack on the home computer of its CEO, Dr Craig Wright (who disputedly claims to be the identity behind the pseudonym Satoshi Nakamoto – inventor of Bitcoin and by extension blockchain-based cryptocurrency in general). As a result of the hack, private encryption keys needed to access the Bitcoin claimed to be owned by Tulip Trading were deleted; there is no other method available to Tulip Trading to take steps to recover the Bitcoin. Following Tulip Trading’s loss of access to the private encryption keys, Tulip Trading, as the true owner of the Bitcoin, brought a claim against the Developers, claiming that the Developers owe Tulip Trading fiduciary and/or tortious duties to restore Tulip Trading’s ability to access and use the digital assets which they could do by transferring the assets to another online wallet under their control. The Developers deny they have the power or control to do this.
This case is the first-of-its kind to consider the existence and scope of fiduciary duties or duties of care in the context of cryptocurrency software development. As such, the outcome of the trial (and expected appeals) will be of significant interest with wide-ranging implications to the world of digital assets and will be watched closely by the international crypto community.
Issues to be addressed by the trial of this claim
At the first instance, Mrs. Justice Falk was persuaded that there was no serious issue to be tried. In other words, she decided that there was no realistic possibility that a court would decide that the Developers owed fiduciary and other duties to Tulip Trading on the case pleaded. However, the Court of Appeal unanimously reversed Falk J’s decision, finding that the facts of the case gives rise to a “serious issue to be tried”, and Lord Justice Birss, in giving the unanimous decision of the Court of Appeal, concluded his judgment by saying that if Tulip Trading is right that the “decentralised governance of bitcoin is a myth, then in my judgment there is much to be said for the submission that bitcoin developers, while acting as developers, owe fiduciary duties to the true owners of that property”.
The basis for this view is that such developers have, in their role as the engineers of such technology, the power to exercise authority given to them by their control of access to the source code to make decisions which affect the users of that technology. The Bitcoin can be said to have been entrusted to their care and, As a result, It was arguable that the Developers had duties to put the interest of bitcoin owners as a class ahead of their self-interest. As a result, this duty might encompass a duty to make changes to the underlying code in a manner which permitted the transfer of digital assets in circumstances such as those alleged by Tulip Trading.
At the heart of this dispute are two key questions:
(1)Are digital currency networks in fact decentralised?
This case is the first time that the English court will need to examine the concept of decentralisation. Decentralisation in the context of blockchain technology is the replacement of traditionally centralised functions, such as the validation of transactions and other elements of control and decision-making from a centralised entity (e.g., individual or group), by a democratic process in which a distributed network of users must agree on any proposed change. Proponents of decentralised networks claim that the intention behind the structure is to reduce the level of trust that participants must place in one another and deter their ability to exert authority or control over one another in ways that degrade the functionality or integrity of the network. If this decentralised structure effectively prevents developers from independently making changes to the network, then the developers do not have control of the networks, and, as such, could not owe a fiduciary duty to the users of that technology. In the contrary, if decentralised governance of bitcoin is actually a myth, then it is arguable that the claimed benefits of decentralisation (e.g., immutability and anonymity) fall away. In order to address this question, the court referred to international academic literature. In particular, the court highlighted that the paper entitled "In Code(rs) we trust: Software Developers as Fiduciaries in Public Blockchains" by Angela Walch provides independent support of Tulip Trading’s view that it is a myth. It will be interesting to see whether the court will look more extensively at the views of the international crypto community when addressing this point at trail, especially as that community seems divided on this point.
(2)Does the development of a digital currency network give rise to fiduciary and/or tortious duty?
Under English law, the key characteristics of fiduciary duties are that a person “has undertaken to act for or on behalf of another in a particular matter in circumstances which give rise to a relationship of trust and confidence”.[i] Therefore, the question for the court to determine at trial is whether the developers of a given network have control of the underlying blockchain source code and have the ability to re-write it and, if so, whether that gives rise to a relationship of trust to the bitcoin owners. If this is the case, the Developers’ failure to take those steps could amount to a breach of duty justifying an order mandating the software amendment or, in the alternative, equitable compensation.
A decision in the English courts that a blockchain network can be controlled by the engineers that operate it and, as a result, such engineers owe duties to those that use the technology will have considerable and wide-ranging repercussions around the world– it is certain that the outcome of this question will be one that is watched closely internationally; if such a duty is found at trial, the decision could result in many claims for breach of fiduciary duties by victims who have had their digital assets lost or stolen as a result of a hacker’s unauthorised access to crypto networks.
This judgment has already triggered significant international debate. This is not just because the case is the first-of-its-kind concerning fiduciary duties in the context of cryptocurrency assets from an English court; it is also interesting because of the multi-jurisdictional nature of the dispute and more generally the possible repercussions globally for software developers of digital assets. If Tulip Trading is successful, the contractual framework (or lack thereof) of the development of such networks will likely need a complete overhaul so that the risks involved are allocated in a manner acceptable to system providers and users. How this might be done will be of interest as well – will the market decide or will the issue need to be regulated at a governmental or supra-governmental level - and what part could consumer protection laws play?
Another interesting point relates to Mrs. Justice Falk’s judgement at first instance that the distinguishing feature of a fiduciary relationship is the obligation of “undivided loyalty”. The judge found that Tulip Trading’s demand that the Developers re-write the source code resulted in divided loyalties. This is because it was solely for the purpose of enabling Tulip Trading to access its private key and was not for the benefit of the networks’ users more broadly. Accordingly, the court at first instance ruled that a duty of loyalty could not arise in favour of Tulip Trading to the "exclusion of the interests" of other users. The Court of Appeal acknowledged this point but, looking at this power of control more objectively, the court noted that the Developers had control of the choice whether to act or not, and that this could give rise to the concept of a fiduciary duty. It also pointed out that it was not uncommon for trustees with fiduciary duties to have to make decisions which might favour one beneficiary over another.
Lastly, the court, after accepting that it had the jurisdiction to hear the case, held that the law of the state where assets are located for the purposes of cryptocurrency is likely to be the place where the owner is resident, not where they are domiciled. This could be relevant for determining the governing law and jurisdiction applying to other disputes relating to digital asset in the future.
In a follow-up article, our colleagues at EIP will take a closer look at the central issue of the upcoming trial from a technical perspective, namely whether an individual or group can be said to have de-facto control over a cryptocurrency network (question (1) above).
[i] See the leading case of Bristol & West Building Society v Mothew  Ch 1, 18