“Fiduciary duties in a decentralised world?”
The informal relationship between software developers who work on public blockchains and the users of those blockchains has been the subject of debate. However, a recent decision of the Court of Appeal in the UK suggests that that relationship might soon become more formal, at least in the UK.
In a judgment handed down in February 2023, in a case referred to as Tulip Trading, the Court of Appeal in the UK held that software developers who contribute to the maintenance and development of public blockchains may owe fiduciary duties (i.e. duties of single minded loyalty) to the users of those blockchains. The Court of Appeal’s decision related to four bitcoin blockchains and does not necessarily extend to other public blockchains.
The High Court in London will now consider whether developers of the four bitcoin blockchains at issue in fact owe fiduciary duties to their users and the scope of those duties. If the High Court finds that such duties exist, the ramifications for both developers and users could be significant, though much will depend upon the scope of the fiduciary duties and whether any decision is more widely applicable to other public blockchains.
I. Tulip Trading Limited v Bitcoin Association for BSV & ors
Tulip Trading arises out of an alleged incident on 5 February 2020 where hackers stole a small amount of bitcoin along with the encrypted private keys for a large amount of bitcoin (US$ 4 billion in April 2021) owned by a company called Tulip Trading Limited (“Tulip Trading”). Tulip Trading is a Seychelles company associated with Dr. Craig Wright who claims (subject to much debate) to be Satoshi Nakamoto, the author of the bitcoin white paper.
Following the hack, Dr. Wright informed the police, but no material progress has been made towards identifying the perpetrators. The bitcoin remains undisturbed at the two addresses "1Feex" and "12ib7" at which it is held on four separate blockchains: Bitcoin (BTC), Bitcoin Cash (BCH), Bitcoin Cash ABC (BCH ABC) and Bitcoin Satoshi Vision (BSV).
Tulip Trading would like the software developers who most centrally contribute to the maintenance of the four bitcoin blockchains to propose changes to the blockchains that would restore Tulip’s access to the stolen bitcoin. It therefore commenced proceedings before the High Court in London against known developers of all four blockchains seeking an order that they restore access to the bitcoin in one of two ways:
- Proposing changes to the blockchain software to effect a transfer of the bitcoin to a new address with new private and public keys; or
- Proposing changes to the blockchain software that would restore access to the bitcoin at its existing locations (for instance by assigning replacement private keys to the existing addresses).
Tulip Trading’s case is that the developers effectively control these four networks because they have the passwords needed to effectuate changes to the software, and the likelihood that any changes they proposed would not be implemented is small. Although miners have the power not to implement a proposed change, if a miner’s node were to fail to apply a software update, then it would become unable to mine the network, which would be against its commercial interests.
The defendant developers do not accept that characterisation of their role and argue that both of Tulip Trading’s proposed solutions go against the core values of bitcoin. They say that they operate a decentralised model in which, to the extent that they are involved in software development, they are part of a very large and shifting group of contributors without an organisation or structure. Further, any change that they could be ordered to propose would be ineffective, because miners could refuse to run it and instead continue to run earlier versions of the software (i.e. fork the chain).
In response to those arguments, Tulip Trading maintains that there is no mechanism among bitcoin miners that could allow for a collective refusal to accept a software update. A fork of the bitcoin networks would only be created if some of the bitcoin developers (who are all parties to the proceedings) refused to make the change.
II. The basis of the claim: fiduciary duties
Leaving aside the practicalities of whether the proposed patches could be devised and implemented, Tulip Trading must establish a legal theory under which the developers are obliged to assist in restoring access to the lost private keys. Tulip Trading contends this theory is that the developers owe it (and all other users of the four blockchains) fiduciary duties.
Under English law, fiduciary duties arise when one person has assumed responsibility for the conduct of another’s affairs. A fiduciary is someone who has undertaken to act for or on behalf of another in circumstances which give rise to a relationship of trust and confidence. The distinguishing obligation of a fiduciary is the obligation of loyalty; the principal is entitled to the single-minded loyalty of his fiduciary and cannot at the same time act for himself.
The Court of Appeal analyzed the relationship between bitcoin developers and users of the four bitcoin blockchains (which may not apply equally or at all to other public blockchains) as follows:
- Bitcoin is a form of property similar to a physical coin in that it has characteristics which exist outside the minds of the people who use it (i.e. it has value and can be used as a currency). However, those characteristics (in relation to bitcoin) only exist inside computers as a consequence of the bitcoin software and, crucially, it is the developers who control this software.
- The bitcoin developers’ role involves the exercise of authority, given to them by their control of access to the source code, and it is a decision-making role, in effect making decisions on behalf of all the participants in the network, including miners and users/owners of the bitcoin.
- There does appear to be a duty on the bitcoin developers not to introduce a feature for their own advantage that would compromise the users' security, that is, a duty that involves the abnegation of the developers’ self-interest. That is arguably a fiduciary duty.
- Bitcoin developers regularly fix bugs in the bitcoin blockchains by updating the code. There may well not be a consensus amongst bitcoin owners that a given bug should be fixed in a particular way or at all. But the developers still make a decision to make a change or not. The fact there may not be a consensus amongst owners underlines the fact that bitcoin owners really do place trust in the developers to make good decisions on their behalf.
- It is arguable, therefore, that bitcoin owners have placed their property into the care of the bitcoin developers in the form an “entrustment”, which gives rise to fiduciary duties.
The Court of Appeal’s views are preliminary in the sense that they were only concerned with whether the existence of fiduciary duties was properly arguable. The Court held that it was and remitted the case back to the High Court in London. The High Court will now consider the existence and scope of fiduciaries duties and will give careful consideration to the views of the Court of Appeal in reaching its decision. Whether the High Court will find such duties exist or that they extend so as to place the bitcoin developers under a positive obligation to assist in the restoration of lost or stolen private keys remains to be seen.
Tulip Trading is concerned only with the four bitcoin blockchains BTC, BCH, BCH ABC and BSV. Importantly, the process by which blockchain protocols are updated is not uniform across blockchains. For example, Ethereum has a more formal protocol by which software updates can be proposed and implemented, and Cardano intends to adopt a process by which stakeholders will be able to vote upon proposed changes to the protocol. The level of control developers have over blockchain protocols, which is a key element in the Court of Appeal’s reasoning above, therefore, varies significantly across blockchains. This suggests that, even if the core developers of the bitcoin blockchains are found to be subject to fiduciary duties, that reasoning may not extend to other blockchains.
III. Lack of clarity in the US
Unlike in the UK, a case dealing with whether blockchain developers owe a fiduciary duty to platform users has not yet arisen in the United States. However, there has been academic debate on the topic. In an article entitled “In Code(rs) We Trust: Software Developers as Fiduciaries in Public Blockchains” (“Walch”), Angela Walch argues that developers of public blockchain systems are fiduciaries and owe a duty to users. On the other hand, Raina Haque and coauthors have published an article that supports the contrary view entitled “Blockchain Development and Fiduciary Duty” by (“Haque”).
Walch focuses on what she calls a “myth” of decentralized governance in public blockchains. She describes the issue of whom, and in what capacity, the trust of users of the blockchain platforms is placed upon. Walch points out that these blockchain systems “operate money, smart contracts, and potentially many other critical human practices” and that “people continue to lead and make important decisions on behalf of others” despite blockchains being viewed as “trust-minimized” systems. Walch describes how activities performed by developers are a significant part of the governance of public blockchains, then compares those activities to the basic concept of a fiduciary. Walch concludes that activities undertaken by developers “bear a strong resemblance” to those of a fiduciary.
Haque takes the opposite view. In addition to addressing blockchain governance and protocol development, Haque describes how a corporate fiduciary duty would be an “improper fit” and directly disagrees with the approach in Walch. Haque argues that fiduciary obligations are deterrence tools and apply in certain relationships where the beneficiary is susceptible to abuses of power such as where the fiduciary acts in an “unobservable and discretionary manner.” Haque describes how protocol developers and platform users do not fit the relationship typically leading to fiduciary obligations and argues that developers voluntarily and collaboratively make contributions, there is no expectation of an agency relationship, they do not make the representations of a fiduciary, do not have the ability to bind participants or be bound by network participants, and there is no delegation of power or property.
It remains to be seen which of the above views US courts ultimately find attractive, or whether US courts will adopt another approach entirely. Notably, US requirements in relation to establishing fiduciary duties also bear some similarities to those in the UK and the Tulip Trading case could be persuasive to US courts grappling with similar questions. As noted above, however, in both the US and the UK there could be important bases for distinguishing and limiting the applicability of Tulip Trading to other blockchain developers.
IV. Jurisdiction issues
If the UK courts ultimately find that developers of the four bitcoin blockchains (or other blockchains) owe fiduciary duties to users of those blockchains, there would be significant scope for developers to be dragged into litigation in the UK.
Jurisdiction over these types of disputes in the UK depends on where the relevant property is located. In determining that question for cryptocurrency, courts look at the residency of the alleged owner of the cryptocurrency. If the owner resides in the UK, then UK courts will accept jurisdiction over the dispute.
In practice, this means that, as happened in Tulip Trading (where all 16 defendants are resident outside the UK), developers wherever they are situated in the world may become subject to the jurisdiction of the UK courts.
The Court of Appeal specifically rejected an argument that the UK courts should not hear such claims because developers might be exposed to competing judgments in different courts. Although the Court accepted that concern as real and not fanciful, it would, taken to its logical limit, apply to every court and would lead to the conclusion that there is no court which could adjudicate the claim. The Court of Appeal held that such a conclusion could not be correct and repeated its view that the internet is not a place where the law does not apply.
V. Takeaways for blockchain developers and users
It is possible, but by no means certain, that UK courts will ultimately conclude that developers of public blockchains (or at least the four bitcoin blockchains at issue) owe fiduciary duties to their users. Such a conclusion, depending on the scope of the fiduciary duties, may have wide-reaching ramifications for both developers and users. However, much remains uncertain including the scope of any such duties and whether the finding would have wider application to other blockchains.
For developers, a key consideration is that any finding that fiduciary duties are owed will have retrospective effect, meaning developers will have owed fiduciary duties from the moment they took on their roles as developers. In practice, this means that blockchain developers, if they wish to limit any potential exposure, should ensure they take decisions in relation to updating blockchain software which are in the best interests of their users. They should also be aware of the risk of acting for their own benefit.
For users of blockchains, a finding of a fiduciary relationship may open up important new remedies against developers in the event that they act against the users’ interests. If Tulip Trading is ultimately successful in obtaining an order for the restoration of its lost bitcoin, then users may also gain access to powerful new remedies in the event their private keys are lost or stolen.
If you have any questions about the issues addressed in this memorandum, or if you would like a copy of any of the materials mentioned in it, please do not hesitate to reach out to:
  EWCA Civ 83. https://www.bailii.org/ew/cases/EWCA/Civ/2023/83.html
 Formally, anyone is able to propose changes to the bitcoin blockchains. However, Tulip Trading’s case is that it is only the key individuals with the passwords to the relevant GitHub code databases that in fact have the power to implement any proposed changes.
 Bristol and West Building Society v Mothew  Ch 1. The defining duties of a fiduciary include:
- a fiduciary must act in good faith;
- a fiduciary must not make a profit out of his trust;
- a fiduciary must not place himself in a position where his duty and his interest may conflict; and
- a fiduciary may not act for his own benefit or the benefit of a third person without the informed consent of his principal.
 Digital Commons at St. Mary’s University School of Law in San Antonio, Texas (Regulating Blockchain: Techno-Social and Legal Challenges, 58-81 (Philipp Hacker, et. al, eds., 2019)
 Stanford Journal of Blockchain Law & Policy (Vol 2.2, pp. 139-188 (2019))