High Court finds no duty of care from bitcoin developers to owners

It comes after Tulip Trading Limited (TTL), a Seychelles-based company that lost ‘private keys’ to access more than £3 billion in bitcoins in a 2020 hack, took legal action against more than a dozen developers of digital asset networks. TTL argued that, like the relationship between a solicitor and a client, its relationship with the developers should contain a fiduciary duty because of the imbalance of power involved and the fact that it had entrusted its property to them.

The company said that the developers were able to take steps to help it regain control of its stolen digital assets and should be required to write a “patch” into the blockchain network. TTL said a patch could allow the assets to be transferred to a new address that it could access. TTL alleged that the developers owed it a duty of care in common law and that by refusing to write a patch, they had failed to act “to alter how the system works to ensure that TTL regains control of the bitcoin following harm allegedly caused by a third party.” 

Handing down her judgement, however, Mrs Justice Falk was unconvinced, and said developers owed neither a fiduciary nor common law duty of care in English law to owners of bitcoins. She held that while the imbalance of power and vulnerability to abuse of that power tended to be a feature of fiduciary relationships “it is not a defining characteristic and is certainly not a sufficient condition for the existence of the duty.”

Justice Falk added: “I do not think that bitcoin owners can realistically be described as entrusting their property to a fluctuating, and unidentified, body of developers of the software, at least in the sense and to the extent claimed by TTL.” Her decision also noted that, if TTL’s case was upheld, “there would be no real restriction on the number of claims that could be advanced against the defendants by persons who had allegedly lost their private keys or had them stolen.” 

Justice Falk said it was also “wholly unclear” in practice how, if TTL’s claim was upheld, developers could fulfil their obligation to investigate and address any claim that a person had misplaced their private keys or had them stolen. She contrasted the difficulty of developers taking steps to protect anonymous bitcoin owners with the steps these owners could take to protect themselves - including taking out insurance or keeping copies of their private keys in multiple locations. 

Justice Falk added that imposing a duty of care on ‘developers’ - a fluctuating body of individuals who may only have intermittent involvement in certain networks – was ultimately impractical.

Jennifer Craven of Pinsent Masons said: “Ultimately, the High Court found that the existing law does not support the idea that the developers had a fiduciary or common law duty of care for TTL in this case. The court also concluded that it would be impractical to impose a duty on developers given the anonymous nature of bitcoin users and the fluctuating pool of developers.”

She added: “As the High Court’s acknowledged in its judgment, the ability of bitcoin users to have recourse where their access to digital assets is lost or stolen remains a significant public policy concern, given the widespread use and increasing popularity of digital assets like bitcoins.”