Latest News

Bitcoin networks may owe fiduciary duties to bitcoin owners

Written by Zoe O’Sullivan KC

In Tulip Trading Limited v van der Laan [2023] EWCA Civ 83, the Court of Appeal has opened the door to the possibility of a court finding that developers who control bitcoin networks may owe fiduciary duties to bitcoin owners who use their networks.

In this case, Dr Craig Wright (who claims, controversially, to be “Satoshi Nakamoto”, the inventor of bitcoin) claims that bitcoin worth about $4 billion has been stolen from his company (Tulip) by hackers who stole his private key. He wants the defendants, who are the developers who run four bitcoin networks, to write and implement a software update which would have the effect of securing Tulip’s assets by moving them to a new address which Tulip can control. It is the developers who have the power to determine what, if any, changes are made to the network software.

A fiduciary is someone who owes a duty of undivided loyalty to its principal. A fiduciary may not act for its own benefit and cannot act for two principals with potentially conflicting interests without the informed consent of both. At first instance, Falk J held that Tulip had no real prospect of showing that the developers owed it a fiduciary duty to modify the software to protect its assets. The main obstacle was that any such duty would necessarily be owed to all bitcoin owners, but Tulip was seeking to require the developers to do something that was solely in Tulip’s interests, and might be contrary to the interests of other owners. It was also a problem that Tulip was arguing for a duty which required the developers to take positive actions to mitigate harm caused by third parties, but the law is generally reluctant to impose a positive duty in such cases.

The Court of Appeal has allowed Tulip’s appeal, commenting that the law has always said that the categories of fiduciary relationship are not closed. The Court attached particular significance to the ability of the developers to control the networks, because they control access to its source code and decide what changes are to be made to it. Bitcoin owners place considerable trust in the developers to make good decisions on their behalf. In the circumstances, it was conceivable that the developers might owe fiduciary duties to bitcoin owners, such as a duty not to introduce software changes which would compromise security. If that sort of duty might exist, so might a duty to implement a patch to protect the true owner of stolen bitcoin. Further, even though it would be a significant step to define a duty requiring the fiduciary to take positive action,  it is at least arguable that there is a duty to act, given that the developers could act to prevent anyone else from modifying the code.

It was also relevant that Tulip had amended its claim to make clear that the duty only arises once it is established (such as by a court judgment) that the true owner is unable to access the bitcoin at a certain address because the private key has been stolen by thieves. The developers are not expected to decide for themselves who is the true owner.

So far, this decision must be approached with caution, as it only concerns the preliminary question of whether Tulip should be allowed to serve the developers (who are all based out of the jurisdiction) with the proceedings. To obtain permission, Tulip only needed to clear the low hurdle of showing a serious issue to be tried (that is, that its claim was not fanciful). In this difficult and developing area of law, the Court of Appeal clearly took the view that the facts should be tried before the court decides what the law is. The Court of Appeal has not said that the developers do owe a fiduciary duty, just that there needs to be a trial of that question. The judgment of Falk J has already identified a number of very real obstacles to such a finding being made.

If a court does eventually rule that the developers in this case owed fiduciary duties to Tulip which required them to write and implement software transferring digital assets to a new address, that will have huge implications for networks and owners alike.

About the author

Zoe O’Sullivan KC is a barrister at Serle Court