In a fascinating court case involving perhaps the best known players in the crytocurrency sector, old legal principles were used to try to solve a new problem.
The claim relates to very substantial digital currency assets that Tulip Trading Limited (TTL) claimed it owned but is currently unable to control or use. Following what it says was a hack of computers at the home office of Dr Craig Wright, its primary owner, the company allegedly lost access to more than 111,000 bitcoins. TTL is a company incorporated in the Seychelles and controlled by Dr Wright, an Australian computer scientist and businessman who claims to be Satoshi Nakamoto, the inventor of Bitcoin. The court was told that the result of the hack was to remove from those systems the “private keys” which would allow dealings in the assets, and information that would allow access to those keys.
The argument was whether the English court had jurisdiction to hear the claim, and much of the discussion focused on the test to be applied when jurisdiction is challenged. However, another key aspect was whether the claim had any merit at all, which is what we shall focus on in this article.
The founder of Bitcoin vs Bitcoin
What is interesting about this case is that, in simple terms, the claimant was attempting to argue that the defendants (collectively Bitcoin) should help him get his account back up and running because they had the means to do so, and were the only people who were able to help. In deciding that the case had no merit, the judge cited the fact that the defendants had not played an active role in the alleged loss of the digital coins.
The judge said:
“This is not a case where it is alleged that, in making an update to the software, the Defendants acted in their own interests and contrary to the interests of owners, for example in introducing for their own advantage a bug or feature that compromised owners’' security but served their own purposes. I can see that it is conceivable that some form of duty could be engaged in that situation, although whether it would properly be characterised as a fiduciary duty is another matter. At least it could be said that in that situation the developers making the update had arguably assumed some responsibility by performing that function, although I think it is much more doubtful whether that would amount to a relationship requiring single-minded loyalty. In contrast, what is sought to be imposed here is a positive duty to alter software to introduce a patch to allow TTL to regain control of its assets.”
The case was also presented on the basis of a breach of duty of care. This also failed. The judge adopted a similar analysis:
“As already indicated, the complaint made is of failures to act. Further, the failures alleged are failures to make changes to how the Networks work, and were intended to work, rather than to address a known defect. In addition, there is no allegation that any of the Defendants had any involvement with the alleged hack, or that they have done anything to create or increase a risk of harm. Rather, what is complained of is that the Defendants have not taken action to alter how the system works to ensure that TTL regains control of the bitcoin following harm allegedly caused by a third party. That would require both
a) the existence, solely by virtue of the Defendants’ alleged control of the Networks, of a special relationship that continues even if no steps are actually being taken to alter software; and
b) a requirement to take positive action to make changes, and in circumstances where there is no known bug or other defect preventing the software from operating as anticipated.”
The judge was also concerned about the practical consequences if a duty of care was imposed, namely that this would lead to an untold number of future claims. He said:
“By definition the potential class in this case is unknown and potentially unlimited. As Mr Thorne [counsel for two of the defendants] pointed out, there would be no real restriction on the number of claims that could be advanced against the Defendants by persons who had allegedly lost their private keys or had them stolen.”
While the facts of this case involved cryptocurrency and a relatively specialist trading platform, it will be of interest to any online platform that holds valuable assets for customers. That may be precious family photographs or it may be millions of dollars’ worth of cryptocurrency. Most platforms will have a reset feature but some, as in this case, will not if the essential private key is lost.
The lesson for users of these services is also clear – keep your keys in a safe place!