A company operated by a man claiming to be Satoshi Nakamoto, the pseudonymous author of the white paper 'Bitcoin: A Peer-to-Peer Electronic Cash System', has had service of its claim form set aside in proceedings concerning bitcoin said to be worth approximately £3 billion.
Although the judgment arises out of a jurisdiction challenge, rather than a full trial on the merits of the case, it raises important issues about the recourse that bitcoin owners have if private keys are lost, and provides some interesting insights into the approach of the English courts in the developing area of cryptoasset disputes.
Background to the claim
In the claim, the claimant company asserts that it is the owner of bitcoin worth approximately £3 billion, but that it lost control of those assets as a result of a hack on the computer of its England-based CEO, during which the private keys necessary to access and control the bitcoin were taken.
The claimant claims that the defendants are the core developers or controllers of the software of four relevant digital asset networks and, as such, have the ability to assist the claimant in regaining control of its bitcoin. It seeks a declaration that it owns the relevant assets, and argues that the defendants owe the claimant fiduciary or tortious duties to assist it in regaining control of the bitcoin, which it says they could easily do through deployment of a software patch.
None of the defendants are based in England, and so the claimant obtained permission to serve the proceedings out of the jurisdiction. Most of the defendants challenged the English court's jurisdiction to hear the dispute. While a significant number of factual issues are in dispute (including the ownership of the assets, whether a hack occurred, and whether the defendants in fact control the networks and can take the steps the claimant seeks) those are yet to be determined.
Background – Permission to Serve Proceedings out of the Jurisdiction
In brief, when determining whether permission should be (or have been) granted to serve proceedings out of the jurisdiction, the claimant must satisfy the court that:
- There is a serious issue to be tried (a question of fact or law) which has a real prospect of success;
- There is a good arguable case that the claim falls within one of the specified procedural "gateways" which allow the claim to be served out of the jurisdiction; and
- England is the appropriate forum for trial of the dispute; and the court ought to exercise its discretion to permit service out of the jurisdiction.
In this article, we focus on some of the key findings of interest in the context of cryptoasset disputes.
Serious issue to be tried?
In her judgment, Mrs Justice Falk was satisfied that there were factual disputes as to the ownership of the bitcoin and whether the alleged hack occurred, and that these were serious issues to be tried. It has already been established in other cases before the English courts that cryptoassets such as bitcoin are property which will be protected in this jurisdiction (see further below).
However, "even assuming that the (heavily disputed) facts were all decided in [the claimant's] favour", she found it was not seriously arguable that the defendants owed the claimant fiduciary or tortious duties to assist in regaining access to and control of those assets when the claimant's private keys were lost or stolen.
A fiduciary relationship entails undertaking an obligation of loyalty, by which the fiduciary will act only in the interest of his or her principal, and not adverse to those interests.
The judge noted that the defining characteristic of a fiduciary relationship is the obligation of undivided loyalty, but the steps the claimant was asking the defendants to take would be for its benefit alone, not for the benefit of other users. Indeed, she noted (at  – ) that what the claimant was seeking for its benefit was arguably contrary to the fundamental expectations of other bitcoin users:
"It is uncontroversial that a fundamental feature of the Networks… is that digital assets are transferred through the use of private keys. [The Claimant] effectively seeks to bypass that. There must be a real risk that acceding to [the claimant's] demands would not be consistent with a duty of single-minded loyalty owed to other users… some users may not agree that a system change that allowed digital assets to be accessed and controlled without the relevant private keys, contrary to their understanding of how the system is intended to operate, accords with their interests"
In the circumstances, she found it was not seriously arguable that the defendants owed the claimant a fiduciary duty.
The claimant also argued the defendants were in breach of a tortious duty of care for failing to include safeguards in the software against third party fraud, or a means for those who have lost private keys to access their assets.
As a matter of law, the judge noted that there were established categories of duty of care, and that these should be developed only incrementally, by analogy with the existing categories. Given that the claimant's alleged loss was also purely economic, the court would only impose a duty of care if there was a special relationship between claimant and defendant, or an assumption of responsibility on the part of the defendants. These are longstanding principles, being considered and applied in a very new scenario. The judge did not consider it realistically arguable that the requisite special relationship existed between the claimant and defendants to found a duty of care.
Further, even if such a special relationship did exist, in the judge's view there were additional considerations which would make the imposition of a duty of care unworkable:
- First, the nature of digital assets means that the duty of care proposed by the claimant would be owed to an unknown and potentially unlimited class of users – there would be no real restriction on the number of persons who may lose their private keys or have them stolen;
- Second, the scope of the duty was wide - if a duty of care was imposed, then the defendants would be obliged to investigate and address any such claim of loss, and it was difficult to see how they would do so (notwithstanding the transparency afforded by distributed ledger technology), given the inherent anonymity of the system and the scope for off-chain transactions; and
- Further, the developers were also a fluctuating body of individuals – the court could not feasibly impose a duty of care which would effectively require individual developers to continue to be involved and make changes required by asset owners.
In all the circumstances, the judge did not consider the claimant could seriously argue that imposing a duty on the defendants to make changes to how their networks work (and were intended to work) was an incremental extension of the law. Imposing such a duty of care on the defendants would not be fair, just and reasonable.
What can bitcoin owners expect?
Also of interest though is that the judge did note certain more limited expectations that bitcoin owners may potentially have of the software developers. For example, she said that a holder of digital assets on the defendants' networks will have expectations about their anonymity, the security of the network and private keys, and the efficacy of the "proof of work" processes. She also suggested it might be arguable that, when making any software changes, developers assume some level of responsibility not to harm users by introducing malicious bugs or compromising security, and that they might conceivably owe a duty to address bugs and defects arising in the operation of the system. However, she also noted that owners should take steps to protect themselves – by storing copies of private keys in different locations, and possibly by obtaining insurance.
The procedural gateways
Having decided the claimant had no realistic prospect of establishing that the defendants owed it fiduciary or tortious duties, service of the claim form out of the jurisdiction would be set aside, and it was not therefore necessary to consider the remaining tests for service out of the jurisdiction.
However, for completeness the judge did give her views on both the relevant procedural gateways and the appropriate forum for the dispute which, again, are of general interest in the context of crypto disputes.
Location of cryptoassets
One of the procedural 'gateways' allowing a claimant to serve proceedings out of the jurisdiction is where the dispute concerns property located within the jurisdiction. The court was satisfied that the bitcoin in dispute constituted property (in this regard the court referred to the UK Jurisdiction Taskforce's Legal statement on cryptoassets and smart contracts, but it has also been considered in a number of recent English cases).
However, the defendants contested whether that property was located in England, arguing that the bitcoin should instead be considered to be located at the claimant's place of incorporation, in the Seychelles. In the judge's view though, the claimant had a good arguable case that its place of residence (England) rather than its domicile (the Seychelles) should determine where the assets were located.
Location of damage
Another 'gateway' allows a claimant to serve proceedings out of the jurisdiction where the claimant can demonstrate that damage was suffered within the jurisdiction. Again, the judge found that the claimant had the better of the arguments – since the evidence indicated the claimant was resident in England, and its loss of control of the assets was directly experienced in England, there was a good argument that the damage was suffered here. Although the defendants submitted that, technically, the assets could be accessed (and thus damage suffered) anywhere, on the evidence available the judge found it was hard to see how damage in this case could be said to be sustained anywhere but England.
Finally the judge confirmed that, had there been a serious issue to be tried, she would have been satisfied that England was the appropriate forum for trial. Although the claimant was a Seychelles company, it was arguably resident in England, and its agent, key witness and documents were in England. The claimant also had good arguments that the assets are located in England and damage would be suffered in England. Notwithstanding that none of the defendants were based in England, there was no other jurisdiction with a closer link to the dispute.
What the case tells us about the English courts' approach to crypto disputes
Although the court in this case was not satisfied that the claimant had real prospects of success on the merits of its claim, the judgment is nonetheless interesting for its engagement with this developing area – perhaps particularly for the obiter comments on appropriate forum and the gateways for jurisdiction. The judgment, like others in recent years, demonstrates that the English court is inclined to exercise jurisdiction in this emerging area, even when the actors are geographically widespread. It also demonstrates a pragmatic, rather than formalistic approach to matters of substance, for instance where digital assets are deemed to be located. However, the claimant's failure on the merits in this case suggests that while keen to accept jurisdiction, the courts may be more circumspect about developing the law, and will do so by increments. As Mrs Justice Falk noted, the Law Commission is currently undertaking a project on digital assets, and broader changes of law and policy are matters for the Law Commission and Parliament.
Further details of the case can be found via Tulip Trading Ltd v Bitcoin Association For BSV & Ors  EWHC 667 (Ch) (25 March 2022)
If you would like to know more about protecting your cryptoassets, or to discuss any of the points in the article further, please contact Catherine Naylor or Helen Davenport.