From Code to Courtroom: The Legal Reckoning of Web 3.0
16 June 2025
This article examines how traditional legal systems are grappling with the decentralised and borderless nature of Web 3.0 by analysing two pivotal cases,Tulip Trading Ltd v Bitcoin Association and Consensys v SEC, which were selected for their contrasting legal contexts but shared significance in testing whether existing legal doctrines can meaningfully adapt to decentralised technologies, or whether such technologies will be reshaped or even undermined by the pressures of legal enforcement.
In 2021, a man claiming to be Bitcoin’s creator lost access to $4.5 billion in digital currency - vanished not by theft in the traditional sense, but because a string of stolen private keys made the fortune irretrievable. He turned to the courts, not the code. In 2024, the creators of a crypto wallet enabling millions to access the Ethereum blockchain found themselves in the crosshairs of the U.S. Securities and Exchange Commission. Like others in the Web 3.0 world who once envisioned a system beyond law, Consensys also turned to the court, not the code.
As decentralised platforms collide with traditional legal systems, questions of jurisdiction, fiduciary duty, and enforcement are thrust into uncharted territory. Two landmark cases, Tulip Trading Limited v Bitcoin Association [1] and Consensys v SEC, [2] offer a revealing look at the legal fractures forming beneath the surface of Web 3.0.
Tulip Trading: $4.5 Billion Lost in a Hack
The Claimant in Tulip Trading (‘TT’) owned approximately $4.5 billion worth of Bitcoin that they lost in a hack when the private keys for the entire amount were stolen from the computer of Dr Craig Wright, the company’s CEO. Unable to retrieve the private keys, TT sued the developers of the respective Bitcoin network, asserting they owed fiduciary duties to implement patches that could restore the lost assets.
The Legal Question: Do Developers Owe Duties?
The High Court of England and Wales initially rejected the claim, siding with developers who argued that such duties clashed with Bitcoin’s decentralised design and could damage network trust, potentially rendering the business valueless. However, the Court of Appeal found there was a ‘serious issue to be tried’, not ruling on the duty’s existence but allowing the case to proceed to trial. Therefore, this issue might be again analysed during the trial, scheduled for 2025. However, as stated by the appeal judge ‘for Tulip’s case to succeed would involve a significant development of the common law on fiduciary duties’.
Implications: Property, Code, and the Limits of Central Authority
While cryptoassets have already been recognised as property under English law, [3] the case reveals how traditional property and fiduciary concepts strain under the demands ofdecentralised systems. Questions of jurisdiction become murky when ownership is defined by digital access rather than physical presence and enforcing judgments could destabilise the very networks in question. What value does a favorable judgment hold if enforcement itself diminishes or destroys the underlying asset’s worth?
The case also raises the problem of what decentralisation means, and whether the model can withstand practical debate. In this sense, the Law Commission of England and Wales notes in their ‘Digital assets and ETDs in private international law: which court, which law?’ Call for Evidence that truly decentralised applications of decentralised ledger technology (‘DLT’) will pose particular problems for private international law, given the difficulty in identifying any one location or justifying the reliance on one location as opposed to another. [4]
Indeed, if the truly decentralised model is to be followed to its end, and understood as intended by its creators, then the issue of omniterritoriality [5] seems insurmountable within the current private international law framework. That is because any connecting factor entails a level of centralisation or control that the model rejects. Imposing such connecting factors, therefore, has the potential of destroying trust in the mechanism which is the foundation for the business case. This was also one of the developers’ arguments in Tulip Trading. Consequently, if the business model is to be conserved, then a rethinking of the concept of jurisdiction when it comes to DLTs must be employed. Conversely, it may also be true that a rethinking will not materialise, and the ‘truly decentralised network’ business model will perish. However, as it stands, it seems that the two cannot coexist.
“The fundamental question emerges: can the law adapt to decentralisation, or will the decentralised model fail under legal pressure?”
Consensys v SEC: Jurisdiction vs. Innovation, What’s at Stake?
Another recent case reflecting this debate is Consensys Software, Inc. v. SEC, in which Consensys, the developer of MetaMask, challenged the jurisdiction of the U.S. Securities and Exchange Commission (SEC) over Ethereum transactions conducted through MetaMask. Consensys argued that the SEC was overstepping its bounds by attempting to
regulate Ethereum-based activities as if they were securities transactions. This case is important because it questions the SEC’s authority over decentralised platforms and could serve as a precedent for how decentralised applications are regulated in the United States. Consensys’ approach to the SEC’s assumption of jurisdiction is straightforwardly explained in their PR release in relation to their legal action:
‘If allowed to expand its regulatory purview, the SEC would effectively destroy value for hundreds of millions of ether holders and bring use of the Ethereum blockchain in the United States to a halt, crippling the technological evolution of the internet.’[6]
Subsequently, the SEC dismissed their pending enforcement action against Consensys. [7] It is not clear whether the SEC’s withdrawal was strategic, or if it signals uncertainty in enforcement approaches.
Broader Reflections: Legal Space in the Digital Era
Such cases demonstrate the inadequacy of traditional, geographically based legal concepts when applied to the internet. Legal systems heavily rely on spatial concepts (domicile, place of incorporation, place of substantial business activity) that do not translate well to the a- spatial, virtual reality of digital platforms (See further details here). Cyberspace, particularly in the truly decentralised Web 3.0, is marked by ubiquity, mutability, and a lack of central authority.
Cyberspace is not just metaphorically unstable (e.g., a ‘chat room’ vs. a physical room); its legal and operational structures are fluid by design. This creates systemic incompatibilities between law (which seeks fixed points of control) and platforms (which are fluid, global, and often anonymous).
If legal systems are to keep pace with technological innovation, they must evolve to accommodate non-traditional structures like DLTs. Without updated legal doctrines and international consensus, we risk either stifling innovation or allowing lawless zones to flourish in the digital frontier. There are current international legal efforts, such as the UNIDROIT Principles on Digital Assets and Private Law (2023), [8] the HCCH-UNIDROIT Digital Assets and Tokens Joint Project, [9] or the International Telecommunication Union’s DLT-focused working groups (notably Q17/16 and Q22/16), [10] which are developing regulatory and technical frameworks, and guidance. While such instruments are important and reflect a desire to establish a common denominator by harmonizing standards and private law treatment, they remain non-binding and lack any intrinsic enforcement mechanism.
[1] Tulip Trading Ltd v van der Laan [2023] EWCA Civ 83, available at https://www.bailii.org/cgi-
bin/format.cgi?doc=/ew/cases/EWCA/Civ/2023/83 last accessed 11 June 2025.
[2] Consensys v SEC, Case 4:24-cv-00369-Y.
[3] AA v Persons Unknown [2019] EWHC 3556 (Comm) available at <https://www.bailii.org/ew/cases/EWHC/Comm/2019/3556.html> last accessed 11 June 2025; D’Aloia v. Persons Unknown & Others [2024] EWHC 2342 (Ch), available at <https://knyvet.bailii.org/ew/cases/EWHC/Ch/2024/2342.html> last accessed 11 June 2025.
[4] The England and Wales Law Commission, ‘Digital assets and ETDs in private international law: which court, which law?’ Call for Evidence, 48, 3.142(1) available at <https://cloud-platform-e218f50a4812967ba1215eaecede923f.s3.amazonaws.com/uploads/sites/54/2025/01/Conflicts-full-document-FINAL-pdf-1.pdf> last accessed 10 May 2025.
[5] Matthias Lehmann, ‘Extraterritoriality in Financial Law’ in A Parrish and C Ryngaert (eds), Research Handbook on Extraterritoriality in International Law (2023) 427.
[6] Consensys, ‘Consensys sues the SEC in defense of the Ethereum ecosystem’, available at <https://consensys.io/blog/pr-consensys-sues-the-sec-in-defense-of-the-ethereum-ecosystem> last accessed 10 May 2025.
[7] U.S. Securities and Exchange Commission Litigation Release No. 26277 / March 27, 2025, Securities and Exchange Commission v. Consensys Software Inc., No. 24-cv-04578 (E.D.N.Y. filed June 28, 2024).
[8] UNIDROIT, Digital Assets and Private Law, Principle 2(2) (2023) available at <https://www.unidroit.org/wp-content/uploads/2024/01/Principles-on-Digital-Assets-and-Private-Law-linked-1.pdf> last accessed 13 June 2025.
[9] More details available at <https://www.hcch.net/de/news-archive/details/?varevent=913> last accessed 13 June 2025.
[10] ITU Focus Group on Application of Distributed Ledger Technology documents available at <https://www.itu.int/en/ITU-T/focusgroups/dlt/Pages/default.aspx> last accessed 13 June 2025.
About the author:
Ioana Bratu is an arbitration lawyer (qualified in England and Wales), specializing in jurisdiction, conflicts of legal orders, and systems theory. She holds a PhD in Law and Technology, jointly supervised by Dr Robert Herian (University of Exeter) and Dr Charles Barthold (The Open University), UK.
