Software Developers and Fiduciary Duties to Cryptocurrency Owners

Software developers should take note of a recent English Court of Appeal decision. According to the court, “If the decentralised governance of bitcoin really is a myth, then . . . there is much to be said for the submission that bitcoin developers, while acting as developers, owe fiduciary duties to the true owners of that property.” So while the court did not find that a fiduciary duty does exist, it left the door open for such a finding to be made.

The proceedings, Tulip Trading Limited v. Wladimir van der Laan & ors, [1] mark the first time that the roles and duties of cryptocurrency software developers have been considered by the English courts. The judge commented that this was a developing area of law, where the factual circumstances were new and “quite a long way” from factual circumstances which the courts have had to examine before in the context of fiduciary duties. The judge noted that “the internet is not a place where the law does not apply” and that, while the common law often works incrementally and by analogy with existing cases, if the facts change in a way which is more than incremental, the right response of the common law is not simply to stop and say that incremental development cannot reach that far.

Case History

The claimant Tulip Trading Limited (Tulip) is a Seychelles company owned by Dr. Wright, who claims to be Satoshi Nakamoto, the inventor of bitcoin (although his role as founder was disputed and the court did not need to rule on that issue). Tulip claimed to own 111,000 bitcoin (worth around $4 billion in April 2021), which Dr. Wright accessed and controlled from his computer and network in England. However, in 2020 the private keys were lost in a hack and likely stolen. Without its private keys, Tulip could not access its assets or move them to safety.

Tulip alleged that the 16 software developers named as defendants in this case controlled and ran the four relevant bitcoin networks and it would be a simple matter for them to secure Tulip's assets by moving them to another address that Tulip could control. Tulip argued that the developers’ fiduciary duties owed should extend to implementing the necessary software patch to solve Tulip's problem and safeguard Tulip's assets from the thieves.

The defendants denied that they owed fiduciary or any other duties to Tulip, that such duties would be highly onerous and unworkable, and that they had nothing like the power or control Tulip alleged.

The defendants were all resident outside of the jurisdiction, so Tulip had obtained leave to serve outside the jurisdiction. The matter originally came before the UK High Court on an application to set aside service brought by most of the defendants who had by then been served.

The High Court concluded at first instance that Tulip had not established a serious issue to be tried because there was no realistic prospect of establishing that the facts pleaded amount to a breach of fiduciary or tortious duty owed by the defendants to Tulip. However, the Court of Appeal overturned the High Court's decision that there was no serious issue to be tried. As a result, Tulip's claim will now be determined at trial, where the court will consider the full facts and legal arguments.

Court of Appeal Decision

The Court of Appeal considered the classic definition of a fiduciary:

[S]omeone who has undertaken to act for or on behalf of another in a particular matter in circumstances which give rise to a relationship of trust and confidence. The distinguishing obligation of a fiduciary is the obligation of loyalty. The principal is entitled to the single-minded loyalty of his fiduciary. This core liability has several facets. A fiduciary must act in good faith; he must not make a profit out of his trust; he must not place himself in a position where his duty and his interest may conflict; he may not act for his own benefit or the benefit of a third person without the informed consent of his principal.

The Court of Appeal concluded that the role of the software developers involves the exercise of authority by the developers, given to them by their control of access to the source code, and it is a decision-making role. These features, of authority and of discretionary decision making, are common to fiduciary duties. For example, without the relevant password for the bitcoin software account in Github, no one else, such as a concerned bitcoin owner, could fix a bug in the code. Thus the bitcoin owners had placed their property into the care of the developers, which could be argued was an “entrustment.”

The specific fiduciary duties in this case were said to be to introduce a code update which would transfer the bitcoin into a safe account controlled by the true owner or which would safeguard that bitcoin in some other way. The key remedy sought by Tulip in this case was an injunction to require the developers to act.

Implications for Industry

The trial will be of significant interest to the crypto industry, as the case will need a significant development of the common law on fiduciary duties in order to succeed.

In view of the fact that crypto disputes are not always limited to one jurisdiction, it is notable that the Court of Appeal did not challenge the High Court’s conclusions that there was a good arguable case that the claim would fall within the court’s jurisdiction, on the basis that Tulip was resident in the UK and the bitcoin, as property, was located in the UK.

This case is one to watch, as it may lead to a judicial decision not only as to whether digital currency networks are decentralised, but also whether software developers of such networks owe their customers fiduciary or tortious duties, and what the extent of those duties should be.