It’s been another interesting day in the wilderness that is NFT-land. While many people (myself included) have spent a good part of the legal commentary on the NFT art market, the most valuable tokens can be found in collectibles, these usually take the shape of a stock character that is then changed with different characteristics, such as glasses, hats, and clothing. One of the most successful collectibles is the Bored Ape Yacht Club (BAYC), with their collection of 10,000 apes that have an accompanying NFT.
BAYC is a very interesting project for many reasons, and not only because of the prices they’re fetching. The NFT ownership is not only for the underlying art, but having an NFT allows the owner to enter an exclusive space called The Bathroom, which can only be reached by having ownership of the NFT in one’s wallet. The second interesting part of BAYC is that they are a project with explicit terms and conditions about the ownership. While in most collectible projects the creators retain all copyright and ownership of the images, BAYC licences the copyright to the token owner. We’ll discuss the legal issues later.
So we jump to the present, where motivational speaker Calvin Becerra claims to have had three Bored Apes stolen (Apes #9564, #2031, and #9985). The theft (or hack, scam, exploit, delete as appropriate) was performed when Becerra was approached by potential buyers on Discord. The scammers claimed to have had problems with the transaction, and they walked him through some settings in his Metamask wallet to help him finalise the transfer. It’s not clear what they did exactly, but whatever happened he transferred ownership of the apes to the fraudsters.
Major news! All three of these @BoredApeYC were hacked tonight over discord. Guys posing as buyers in discord were helping me trouble shoot a problem we thought was happening. They walked me through language settings in my MetaMask and had me chose an option and took everything. pic.twitter.com/mB3QA4PbTB
— Calvin Becerra (@calvinbecerra) October 30, 2021
Becerra took to Twitter and to the community to try to get some redress. In what I believe to be a highly relevant and extremely interesting development, three of the major NFT platforms removed the three tokens from sale, they were flagged and now are not available on NFT Trader, OpenSea and Rarible (see for example here, here, and here). The contracts for each ape are still on the blockchain, and in principle can still be traded (for example here), but they can’t be listed on any of the major platforms. Becerra announced the removal on Twitter.
UPDATE! @opensea @rarible @NftTrader all have done the RIGHT THING. They all banned my stolen apes from being sold on their sites. No one wants to buy a stolen car, yet alone STOLEN ART! Attention hackers you better start negotiating with me if you want any mor eth. Or none. pic.twitter.com/mCTTM00bv9
— Calvin Becerra (@calvinbecerra) October 31, 2021
The stolen apes have therefore been removed from the marketplaces, and Becerra is looking to regain control of the apes. His note to the scammers has now itself been turned into an NFT. You couldn’t make this up.
This is fascinating for all sorts of reasons, not least because I believe that it could prove to be a defining point in how future hacks are handled, but it is also an interesting illustration of the very nature of NFTs, and the underlying ownership issues.
The first question is about the ownership of the Ape, and whether this could be considered theft in a legal sense. While I have been thinking about NFTs mostly from a copyright perspective, this opens the question about whether they can be considered an asset of some form, and if there is indeed some sort of theft. I am not a criminal lawyer and this is an area in which I am not very familiar, but it seems to me that given the money spent on these tokens, there is no question as to their value, so I can imagine these assets falling under some legal definition of theft, I am thinking of something akin to stealing bonds, or maybe even fits as some form of computer misuse. (edit: this is a great article discussing property rights in tokens, in short, it’s complicated).
But what I found very interesting is the ownership rights given to the holder of the token. The Terms and Conditions of the Club are a bit unclear, and to my mind appear to be contradictory. They say regarding ownership:
“You Own the NFT. Each Bored Ape is an NFT on the Ethereum blockchain. When you purchase an NFT, you own the underlying Bored Ape, the Art, completely. Ownership of the NFT is mediated entirely by the Smart Contract and the Ethereum Network: at no point may we seize, freeze, or otherwise modify the ownership of any Bored Ape.”
This is an interesting way of phrasing things. The buyer owns the token itself, but the buyer also owns the art “completely”, but this is not phrased in copyright terms as a sale of copyright ownership, or even an assignment of rights. Immediately we are also told that the ownership of the NFT is mediated entirely by the smart contract, but this is not the art, it is the NFT itself. The final sentence appears to be a recognition that the token is just part of the equation, and that BYAC retain the potential capability of seizing and modifying the ownership of the ape, even though they clearly promise not to do so. It’s sort of ownership, but limited by BAYC’s good will.
Things become more complicated because the following paragraphs in the ToS are a licence for both personal use and commercial use, which means that the copyright ownership of the ape was never transferred, and the first paragraph must be talking only about the ownership of the NFT and the specific copy of the work, and not the copyright ownership itself, otherwise there would be no need whatsoever for a licence.
The other aspect is that all of the benefits from owning the NFT, be it the licence, the ownership of the artwork, and access to the exclusive members-only club, are mediated by the ownership of the token itself. So if the fraudsters are now in possession of the token, they should have access to all those benefits, right?
Here is where I think that all of the interventions from the NFT marketplaces and BAYC have to start raising eyebrows of anyone who is paying attention to the nature of NFTs. The whole ethos of the so-called Web 3 is that it is decentralised, it moves away from the tired Web 2 dominated by large platforms. It’s a blockchain-driven Internet mediated by tokens, more democratic because of decentralised governance features, more responsive because it uses smart contracts, more transparent because of the blockchain, more resilient and secure because of maths, consensus mechanisms, and strong encryption. Any inconveniences, such as low transactions/second and high transaction fees, are blamed on early-days implementations, or as prices to pay for a more decentralised space.
But what has happened here should be eye-opening. One of the value propositions of NFTs is precisely this much-vaunted decentralisation. Tokens are verified by maths, immutable, trustless, censorship resistant. But if your token can be taken out by a platform, this one very important selling point dissipates into a puff of smoke. NFT marketplaces become just like any other platform, like Twitter and Facebook, in other words, no better than the Boomer Web they despise.
Code is law they tell us, when in reality platform is law.
He has successfully petitioned for the largest marketplaces to blacklist the tokens, ceding de facto censorial power to the marketplaces. The next step would be for BAYC to repeal any member benefits associated with those tokens, admitting that the privileges exist at their whim. pic.twitter.com/kzt1zSULHY
— Dan Olson Pumpkin Emoji (@FoldableHuman) November 1, 2021
I don’t think that the platforms and marketplaces have really thought this one through. By exercising censorship, they are attacking one of the pillars of the decentralisation mythos that surrounds NFTs. I still think that this is the right decision on their part by the way, but we have to stop living in this mythical world of DAOs and complete decentralisation. When things go wrong, the platform rules, and not the smart contract.
Platform is Law.
On the meantime, the only bored ape #9564 you can get your hands on is a Reversed Bored Ape, at least until OpenSea decides to remove it. And therein lies the problem.
A couple of interesting points. Becerra continues to use the Ape as his Twitter profile picture (this is a big element of the status-symbol that is acquired with some NFTs). This further deflates the relevance of the token to the whole scene, it’s bling, a digital aesthetic mediated by proving that you have paid some cash, sort of going to Salt Bae’s restaurant to take a selfie. I also liked this take:
This saga is so hilarious bc it invalidates all of the pro NFT propaganda at once. Your assets are not secure, centralized authorities are required to deal with losses, and this guy insists he maintains ownership of the jpeg somehow despite no longer having the token/receipt. https://t.co/AK3ABvR8aj
— The First Artist Named Zach (@zachhazard) November 1, 2021