Leaps of faith: searching for accountability in a trustless environment

In this article we look at two cases heard in 2022: Tulip Trading Ltd (TTL) v. Bitcoin Association for BSV and others; and D’Aloia v. (1) Persons Unknown (2) Binance Holdings Limited and others^[1], and consider what they can tell us about the evolving relationship between blockchain, trust and accountability.

In the beginning, there was Bitcoin

Absence of a central, trusted authority is an integral feature of permissionless blockchains. In 2008, Satoshi Nakamoto’s seminal white paper launching the Bitcoin network foregrounded the ‘inherent weaknesses of the trust based model’ where internet commerce relies ‘almost exclusively on financial institutions serving as trusted third parties to process electronic payments’.^[2] Nakamoto (a person or persons unknown) argued that, since financial institutions ‘cannot avoid mediating disputes’, there is always a possibility that transactions will be reversed, and, crucially, ‘with the possibility of reversal, the need for trust spreads’. For Nakamoto, this need for trust manifests in merchants demanding a great deal of information from their customers, and even then a certain percentage of fraud being considered unavoidable. Nakamoto concluded that while ‘these costs and payment uncertainties can be avoided in person by using physical currency…no mechanism exists to make payments over a communications channel without a trusted party’.

The rest of the story will be familiar to most with an interest in this area. To tackle the trust conundrum, Nakamoto proposed ‘an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party’. Moreover, making transactions ‘computationally impractical to reverse would protect sellers from fraud’ (or, as we might conceive of it, certain kinds of fraud).^[3]

From our vantage point in 2022, we can see that the crypto story has evolved significantly since 2008. Gone is the Silk Road – a platform which sprung up in 2011, where bitcoin was traded for illegal goods, and which eventually succumbed to the FBI crackdown on its activities in 2013. Burst, too, has the initial coin offering or ‘ICO’ bubble of 2017, as it transpired that the majority of offerings at that time were scams.^[4] Today, financial products and currencies underpinned by blockchain and other distributed ledger technologies rub up against their traditional counterparts in the competition for investor attention, the recent crypto winter notwithstanding.

In this newfound commercial context it is pertinent to ask whether the ideas about trust in Nakamoto’s white paper—namely, whether it can be replaced in a satisfactory manner by cryptographic proof—still hold. A suitable test has presented itself in the form of two cases that emerged this year: Tulip Trading Ltd (TTL) v. Bitcoin Association for BSV and others (‘Tulip’), and D’Aloia v. (1) Persons Unknown (2) Binance Holdings Limited and others (‘D’Aloia’).

Testing trust: Tulip and D’Aloia

Both Tulip and D’Aloia speak directly to the tensions that can arise where there is a trustless means of holding and transferring vast sums of money. At their core, both raise questions about accountability when things go awry.

Tulip

In Tulip, the facts of the case (which are relevant to this particular point) are as follows:

1. Tulip Trading Ltd (‘TTL’), the claimant, brought a claim for declaratory relief and court orders to recover control of a substantial amount of cryptocurrency (seemingly $4.5 billion worth) which it claimed to own. The defendants, whom the claimant alleged were the core developers and/or controllers of the software underlying the relevant Bitcoin networks, challenged the permission granted to the claimant to serve its claim out of jurisdiction. 
2. TTL alleged that hackers had gained access to a computer system located at the home of its CEO, and had removed encrypted files containing the private keys needed to deal in the relevant cryptocurrency. TTL claimed the defendants could implement a software patch enabling it to regain control of its cryptocurrency and, moreover, that the defendants owed fiduciary and/or tortious duties requiring them to take such steps.
3. The Court found that TTL had no realistic prospect of establishing either a breach of fiduciary or tortious duty, and set aside the claimant’s permission to serve out of jurisdiction.
   1. Falk J rejected TTL’s argument that the relationship between digital asset owners and developers gives rise to a fiduciary duty or had a fiduciary quality. In reaching this conclusion, emphasis on was placed on the fact that the defendants were a ‘fluctuating, and unidentified, body of developers’,^[5]  and the owners were an ‘anonymous and fluctuating class with whom the Defendants have no direct communication, and certainly no contractual relationship’.^[6] Falk J further commented on the apparent contradiction that, should the relationship between the Defendants and bitcoin owners be deemed to have a fiduciary quality, then TTL’s sought-after software patch could act to the disadvantage other users.^[7]
   2. Highlighting: (a) the purely economic nature of the loss caused by the unconnected third party hackers; (b) the law’s reluctance to impose liability for omissions; (c) the absence of any special relationship between TTL and the defendants (having rejected the fiduciary claim described above); and (d) the unknown and potentially unlimited class of persons to whom the duty could be owed, Falk J also rejected the argument that a tortious duty of care should be extended, incrementally, to the relationship between developers and bitcoin owners.
4. The Court did, however, leave room for similar cases to succeed in the future. Falk J stated that if the defendants had acted in their own interests and contrary to the interests of owners, ‘for example in introducing for their own advantage a bug or feature that compromised owners’ security but served their own purposes’, then it is possible that ‘some form of duty could be engaged…although whether it would be properly characterised as a fiduciary duty is another matter’.^[8] Further, TTL was granted leave to appeal on the basis that the issue examined ‘is one of considerable importance and is rightly characterised as a matter of some complexity and difficulty’.^[9]

Notably, the Bitcoin Association has subsequently settled with TTL on the basis that the Association already intended to release software ‘with the aim to allow miners to freeze coins which are determined by valid legal process to be lost or stolen, such that they may be returned to their rightful owner’.^[10]

D’Aloia

In D’Aloia, in addition to appraising whether proceedings can be served via an NFT airdrop, the Court considered the following facts:

1. Mr D’Aloia, the claimant, alleged that he had been the victim of a scam whereby he had been induced to transfer approximately 2.1 million USDT and 230,000 USDC from his Coinbase and Crypto.com wallets into wallets operated by a web platform fraudulently claiming to be connected to a legitimate online brokerage (the ‘Persons Unknown’). Discovering that his trades had been closed and his account blocked, the claimant instructed an intelligence investigator which established that a major part of the cryptocurrency that Mr D’Aloia had transferred had found itself into one or more wallets held with Binance and other cryptocurrency exchanges. 
2. The claimant advanced claims against the first defendant, the Persons Unknown, in fraudulent misrepresentation and deceit, unlawful means conspiracy, and unjust enrichment. The claimant further pursued a claim in constructive trust not just against the first defendant, but the second to seventh defendants, that is, those who controlled or held the exchanges into which it was possible to trace the relevant cryptocurrency. The claimant sought freezing relief in respect of the cryptocurrency held in wallets, and a Bankers Trust disclosure order against the exchanges.
3. The Court found that there was a good arguable case that the claimant had a claim in constructive trust against both: (a) the Persons Unknown who had misappropriated the cryptocurrency and (b) those defendants controlling and holding the exchanges into which it was possible to trace the relevant cryptocurrency, where they were deemed to have sufficient control over the wallets in question. Trower J noted that given, for example, Binance Holdings Ltd’s ability to control the relevant Binance wallets, it was likely that it would come under the duties of a constructive trustee for the claimant.^[11]

Searching for accountability

Nakamoto sought to avoid the messiness of mediation through a trustless, immutable ledger. But Tulip and D’Aloia show that things go wrong, money gets lost, and people demand that someone be held responsible. Should interlinkages between crypto and the traditional financial system continue to develop, the clamour for accountability will only increase. 

The courts have sought to address this tension by turning to the tools at their disposal: fiduciary duties, duties of care and constructive trusts. Here we witness the realisation of Nakamoto’s desire to bypass the mediation of disputes by financial institutions, only to run into the mediation of the courts. This reflects the fact that the courtroom, wielding the authority of the state, will always be an attractive option for those who have suffered losses. It is striking, moreover, that some crypto actors themselves recognise the authority and importance of this legal mediation. The Bitcoin Association, in settling with Tulip, observed that software allowing miners to freeze coins which are determined by valid legal process to be lost or stolen, such that they might be returned, ‘would help to engender more confidence in Bitcoin among everyday users, businesses and government agencies, and lead to wider adoption of Bitcoin’s innovative technology.’^[12]

But Tulip and D’Aloia also suggest that the tools of the court could be limited in the absence of a contractual relationship and/or a touchpoint which bears a resemblance to a traditional financial institution or financial market infrastructure; in the case of D’Aloia, cryptocurrency exchanges with control over wallets. Indeed, in Tulip Falk J hinted at the fact that, to some extent, individuals who engage with crypto can expect to be held accountable to themselves.^[13]

It is likely that these tensions around trust and accountability will be addressed primarily via financial regulation.  As we explore in the Legal 500 blockchain chapter for the UK, the regulatory project to mitigate the risks posed by crypto—both to consumers and to financial stability—is well underway. And yet, questions remain about the penetration of regulation in a digital decentralised context, particularly in light of the rapid growth of decentralised finance or ‘DeFi’. In the words of the FCA itself, ‘because of the decentralised way that these speculative tokens are created’ business will need to bring themselves ‘firmly within our reach, with people and resources we could access in order to supervise and enforce our requirements’.^[14]

This article has suggested that, in 2022, Nakamoto’s dream of dispensing with trusted intermediaries comes under stress when faced with a fundamental need for accountability. As a concluding thought, it is of interest that the Bitcoin Association considered their software release allowing miners to freeze lost or stolen coins (as determined by an external legal authority) to be ‘in line with Satoshi Nakamoto’s Bitcoin whitepaper’.^[15] This was on the basis that, in the Nakamoto whitepaper, ‘there are 19 references to “owner”, a legal term of art distinct from the possession of keys’—seemingly implying that an owner can have a valid claim to bitcoin that is separable from possession of a private key—and that ‘the final line states: “Any needed rules and incentives can be enforced with this consensus mechanism.”’^[16]  Perhaps, then, the contemporary search for accountability can be viewed as an evolution of Nakamoto’s ideas, rather than a total departure.