Tulip Trading: how rosy is it really?
Tulip Trading: how rosy is it really?
In the matter of Tulip Trading Limited v Wladimir Jasper van der Laan and ors [2023] EWCA Civ 83, the Court of Appeal allowed the claimant’s appeal of the earlier High Court judgment, which had denied jurisdiction over Tulip Trading’s claim for breach of fiduciary and tortious duties.
Much has been said of how the judgment could ultimately make it easier for victims of crypto fraud and virtual asset hacks to recover their stolen assets, but what could the eventual decision of the court mean for the future of decentralisation and Web 3.0?
Tulip Trading (“Tulip”), the Seychelles company claimant, is owned by Dr Craig Wright, who has claimed independently of these proceedings to have invented the bitcoin digital currency.
Following a hack on Dr Wright’s computer discovered in February 2020, Tulip claimed it had lost access to bitcoin it held valued at approximately $4 billion. The loss arose because the private keys needed to control the funds were deleted during the hack, and Tulip retained no other copies.
Dr Wright believes Tulip’s bitcoin may not actually have been moved from the wallet addresses they were held in by Tulip following the hack, as while the hackers had stolen (and deleted) the files from his computer that contained the private keys, those files were themselves encrypted, potentially preventing the hackers from accessing the private keys the files contained.
Tulip sought the help of a number of bitcoin developers to resolve the issue. It alleged in its claim that the developers could either patch the code that operated the specific bitcoin networks in issue so as to relocate Tulip’s stolen bitcoin to another address which it could control, or they could issue replacement private keys that would allow Tulip to regain control over its stolen cryptocurrency.
The developers refused, resulting in Tulip bring a claim against them for declarations that:
- Tulip owned the bitcoin concerned;
- The developers owed Tulip fiduciary or tortious duties which required them to assist Tulip to regain control of its stolen assets;
- Tulip was owed equitable damages for the developers’ breaches of those duties.
At first instance in the High Court, Tulip succeeded in establishing that one or more of the gateways under CPR PD 6B was engaged for service on the defendants out of jurisdiction, and that England & Wales was the appropriate forum for the dispute.
However, Tulip failed to demonstrate that its claim had sufficient merits, with Mrs Justice Falk holding that no fiduciary duties or duties in tort existed between Tulip and the developers in law. It therefore followed that the judge’s order set aside the possibility of service on the foreign defendants.
The Court of Appeal’s decision
On appeal, the Court of Appeal unanimously held that there was in fact a serious issue to be tried, and Tulip was granted leave to appeal on six grounds, of which four were highlighted by the court for their particular relevance:
- This is a developing, complex and uncertain area of law and therefore the point ought to go to trial;
- The taking into account of the Law Commission project was an error;
- The conclusions are in error because they are based on findings impermissibly assumed against Tulip;
- The judge was wrong to hold that Tulip has no real prospect of establishing that the claimed fiduciary duties exist.
While each is interesting in its own right, it is the fourth ground that is especially interesting and which could have the greatest significance on the future of the web.
Having noted that he did “not pretend that every step along the way is simple or easy” for Tulip, Birss LJ then went on to set out what he referred to as “a realistic argument” for the fourth ground, relevant to the Court’s decision that the case raised a serious issue to be tried:
The developers of a given network are a sufficiently well defined group to be capable of being subject to fiduciary duties. Viewed objectively the developers have undertaken a role which involves making discretionary decisions and exercising power for and on behalf of other people, in relation to property owned by those other people. That property has been entrusted into the care of the developers. The developers therefore are fiduciaries. The essence of that duty is single minded loyalty to the users of bitcoin software. The content of the duties includes a duty not to act in their own self interest and also involves a duty to act in positive ways in certain circumstances. It may also, realistically, include a duty to act to introduce code so that an owner’s bitcoin can be transferred to safety in the circumstances alleged by Tulip.
Birss LJ’s argument thereby resonates with the claimant’s case that it is the developers who control the bitcoin software and who, for example, make decisions to fix something that some people may contend is a bug in the software (or not). In consequence, duties may be owed to bitcoin’s users.
The defendants, however, challenged this description of their position (and that of developers more generally), arguing that the bitcoin software is decentralised and that the developers are better described as a fluctuating and unidentified body.
In this way, the defendants’ arguments reflect the reality of bitcoin and of distributed ledger technology as a decentralised network of computers that maintain a database of transactions that are verified and recorded in a secure and transparent manner.
Bitcoin is decentralised by virtue of it being maintained and updated by a network of users (including the defendants) who, despite their separation, are incentivised to work together to maintain the integrity of the system. Bitcoin developers are typically independent and often work voluntarily, although some take salaries from donors. Some developers contribute over the long term, although nothing prevents a developer from simply dipping a toe, treating their involvement as just a short term or one-off project.
Decentralisation is argued by proponents of blockchain and related technologies as essential to their function and value proposition, with no central authority or single point of control. Instead, a system is distributed across many nodes in a network. In respect of blockchain, decentralisation makes it difficult for any single entity to control or manipulate the chain (that is, the data), which is one of the key advantages of this technology, making it secure, transparent, trustworthy, and accessible.
Comment
Birss LJ stated in his judgment that “If the decentralised governance of bitcoin really is a myth, then in my judgment there is much to be said for the submission that bitcoin developers, while acting as developers, owe fiduciary duties to the true owners of that property.”
As the popularity and value of cryptocurrencies has risen in recent years, so too has the number of crypto frauds. If the decentralised governance of bitcoin is ultimately determined to be a myth, and the defendants are held to owe duties to the claimant and therefore to bitcoin holders more generally as a result, it will likely become easier for victims of crypto fraud and virtual asset hacks to recover their stolen assets. However, this victory for victims of such frauds could come at a significant cost.
Certainly, it would set an uncomfortable precedent for blockchain developers and, indeed, many others who contribute to open source software that is developed in a collaborative, public manner. Bitcoin, in common with many other decentralised and open source solutions, is ultimately free software that any developer can contribute to—be that a fulltime coder or merely a teenager experimenting with some coding after high school.
If Tulip succeeds at trial, all these developers could find themselves owing duties to any number of users, perhaps long after they stop working on a project, and potentially after having only been fleetingly involved with it.
Without any overarching organisation (or employer) to insure them, these developers would carry that risk personally, and many may therefore stop contributing to such projects as a result, unwilling to take on the risk.
It could also result in a shift whereby blockchains and operations such as bitcoin have to come under the control of a single entity to manage the risk. This has ramifications not just for cryptocurrencies like bitcoin, but the world wide web more widely.
Web 3.0, for example, presents a future vision of the Internet that is decentralised, where individuals own and govern sections of the Internet and their own data, rather than it being dominated by web giants like Google, Apple, Microsoft and Facebook. Decentralised finance, known as DeFi, is also a component of Web 3.0 that is growing in interest, executing real-world financial transactions on the blockchain without intermediaries such as banks.
All these protocols, applications and autonomous organisations are presently pursued on a decentralised basis, where they are controlled by members and contributors in a transparent way. If ‘decentralised’ is forced to become ‘centralised’ in consequence of Tulip, the benefits of secure, transparent, trustworthy and accessible decentralised protocols may be lost, and the judgment could ultimately result in a stifling of innovation.
It is worth bearing in mind that the Court has only granted permission for an appeal, however. As Birss LJ noted in the Court’s judgment, “for Tulip’s case to succeed would involve a significant development of the common law on fiduciary duties”.
The final decision will be eagerly awaited.