Have you seen this Ape?

It’s been another interesting day in the wilderness that is NFT-land. While many people (myself included) have spent a good part of the legal commentary on the NFT art market, the most valuable tokens can be found in collectibles, these usually take the shape of a stock character that is then changed with different characteristics, such as glasses, hats, and clothing. One of the most successful collectibles is the Bored Ape Yacht Club (BAYC), with their collection of 10,000 apes that have an accompanying NFT.

BAYC is a very interesting project for many reasons, and not only because of the prices they’re fetching. The NFT ownership is not only for the underlying art, but having an NFT allows the owner to enter an exclusive space called The Bathroom, which can only be reached by having ownership of the NFT in one’s wallet. The second interesting part of BAYC is that they are a project with explicit terms and conditions about the ownership. While in most collectible projects the creators retain all copyright and ownership of the images, BAYC licences the copyright to the token owner. We’ll discuss the legal issues later.

So we jump to the present, where motivational speaker Calvin Becerra claims to have had three Bored Apes stolen (Apes #9564, #2031, and #9985). The theft (or hack, scam, exploit, delete as appropriate) was performed when Becerra was approached by potential buyers on Discord. The scammers claimed to have had problems with the transaction, and they walked him through some settings in his Metamask wallet to help him finalise the transfer. It’s not clear what they did exactly, but whatever happened he transferred ownership of the apes to the fraudsters.

Becerra took to Twitter and to the community to try to get some redress. In what I believe to be a highly relevant and extremely interesting development, three of the major NFT platforms removed the three tokens from sale, they were flagged and now are not available on NFT Trader, OpenSea and Rarible (see for example here, here, and here). The contracts for each ape are still on the blockchain, and in principle can still be traded (for example here), but they can’t be listed on any of the major platforms. Becerra announced the removal on Twitter.

The stolen apes have therefore been removed from the marketplaces, and Becerra is looking to regain control of the apes. His note to the scammers has now itself been turned into an NFT. You couldn’t make this up.

This is fascinating for all sorts of reasons, not least because I believe that it could prove to be a defining point in how future hacks are handled, but it is also an interesting illustration of the very nature of NFTs, and the underlying ownership issues.

The first question is about the ownership of the Ape, and whether this could be considered theft in a legal sense. While I have been thinking about NFTs mostly from a copyright perspective, this opens the question about whether they can be considered an asset of some form, and if there is indeed some sort of theft. I am not a criminal lawyer and this is an area in which I am not very familiar, but it seems to me that given the money spent on these tokens, there is no question as to their value, so I can imagine these assets falling under some legal definition of theft, I am thinking of something akin to stealing bonds, or maybe even fits as some form of computer misuse. (edit: this is a great article discussing property rights in tokens, in short, it’s complicated).

But what I found very interesting is the ownership rights given to the holder of the token. The Terms and Conditions of the Club are a bit unclear, and to my mind appear to be contradictory. They say regarding ownership:

“You Own the NFT. Each Bored Ape is an NFT on the Ethereum blockchain. When you purchase an NFT, you own the underlying Bored Ape, the Art, completely. Ownership of the NFT is mediated entirely by the Smart Contract and the Ethereum Network: at no point may we seize, freeze, or otherwise modify the ownership of any Bored Ape.”

This is an interesting way of phrasing things. The buyer owns the token itself, but the buyer also owns the art “completely”, but this is not phrased in copyright terms as a sale of copyright ownership, or even an assignment of rights. Immediately we are also told that the ownership of the NFT is mediated entirely by the smart contract, but this is not the art, it is the NFT itself. The final sentence appears to be a recognition that the token is just part of the equation, and that BYAC retain the potential capability of seizing and modifying the ownership of the ape, even though they clearly promise not to do so. It’s sort of ownership, but limited by BAYC’s good will.

Things become more complicated because the following paragraphs in the ToS are a licence for both personal use and commercial use, which means that the copyright ownership of the ape was never transferred, and the first paragraph must be talking only about the ownership of the NFT and the specific copy of the work, and not the copyright ownership itself, otherwise there would be no need whatsoever for a licence.

The other aspect is that all of the benefits from owning the NFT, be it the licence, the ownership of the artwork, and access to the exclusive members-only club, are mediated by the ownership of the token itself. So if the fraudsters are now in possession of the token, they should have access to all those benefits, right?

Here is where I think that all of the interventions from the NFT marketplaces and BAYC have to start raising eyebrows of anyone who is paying attention to the nature of NFTs. The whole ethos of the so-called Web 3 is that it is decentralised, it moves away from the tired Web 2 dominated by large platforms. It’s a blockchain-driven Internet mediated by tokens, more democratic because of decentralised governance features, more responsive because it uses smart contracts, more transparent because of the blockchain, more resilient and secure because of maths, consensus mechanisms, and strong encryption. Any inconveniences, such as low transactions/second and high transaction fees, are blamed on early-days implementations, or as prices to pay for a more decentralised space.

But what has happened here should be eye-opening. One of the value propositions of NFTs is precisely this much-vaunted decentralisation. Tokens are verified by maths, immutable, trustless, censorship resistant. But if your token can be taken out by a platform, this one very important selling point dissipates into a puff of smoke. NFT marketplaces become just like any other platform, like Twitter and Facebook, in other words, no better than the Boomer Web they despise.

Code is law they tell us, when in reality platform is law.

BAYC has the very same problem. If ownership and membership are entirely mediated by the possession of the token, them removing those benefits to the hackers results in a direct assault to those principles of non-censorship and freedom contained in their mission statement and terms of use. The token is useless, they might as well sell paper coupons. YouTuber Dan Olson explained it really well in this tweet:

I don’t think that the platforms and marketplaces have really thought this one through. By exercising censorship, they are attacking one of the pillars of the decentralisation mythos that surrounds NFTs. I still think that this is the right decision on their part by the way, but we have to stop living in this mythical world of DAOs and complete decentralisation. When things go wrong, the platform rules, and not the smart contract.

Platform is Law.

On the meantime, the only bored ape #9564 you can get your hands on is a Reversed Bored Ape, at least until OpenSea decides to remove it. And therein lies the problem.

Edit:

A couple of interesting points. Becerra continues to use the Ape as his Twitter profile picture (this is a big element of the status-symbol that is acquired with some NFTs). This further deflates the relevance of the token to the whole scene, it’s bling, a digital aesthetic mediated by proving that you have paid some cash, sort of going to Salt Bae’s restaurant to take a selfie. I also liked this take:


3 Comments

Arefin · November 2, 2021 at 4:52 pm

The rise of Hacker’s state is on the horizon, where Hackers will be fighting for sovereignty.

Bill Rosenblatt · November 2, 2021 at 6:57 pm

And this is fundamentally different from the Napster era … how?

Queridos Reyes Magos,: quiero un NFT y un supercomputador cuántico | LVCENTINVS · November 5, 2021 at 8:00 am

[…] recomendable el post de Technollama sobre las marketplaces de NFTs y mecanismos de gobernanza (i.e. sus términos de uso y licencias de […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: