NFTs are New Fraud Types

I bought a non-fungible token (NFT) the other day. Not as an investment, I hasten to add. The market for these tradable, from cartoon apes to artsy doodles (as the FT frames them) has collapsed in recent weeks. The average selling price of an NFT has has dropped by around half since their peak before Christmas and volumes on OpenSea, the biggest NFT marketplace, fell by 80% over the last month. I think the line of mug punters waiting for their picture of a chimpanzee with sunglasses has evaporated.

There are those of us who appreciate art rather than speculation, though, so I went to the aforementioned OpenSea to buy something nice. In case you are interested, it is a cartoon from the talented artist Helen Holmes. In case you are an art buyer, this is the one that I bought. It is from her “originals” collection and is now proudly on display in my crypto.com wallet for all to see.

11 cashorcharge

I commission Helen to draw the cartoons that I use to illustrate my articles on Forbes, so I can testify at first hand that she is real, that the cartoons are originals created by her and that I have the right to use them due to our own agreement. And, I am happy to say, that if anyone buys one of them, the money goes to her, the deserving artist. As it turns out, this makes “my” NFT one of the small number of legitimate examples of same, because recently OpenSea said that over 80% of the NFTs created for free on the platform are “plagiarized works, fake collections, and spam”.

(I say “my” NFT, although owning an NFT doesn’t give me any rights in the underlying intellectual property, which still belongs to Helen, or unique access to the image itself which anyone can download just be right-clicking on the picture above.)

Even the NFTs that are not fakes and frauds are often dodgy, to say the least. I include in this category the NFT of an X-ray of one of the survivors of the Bataclan massacre in Paris, which was offered for sale for $2,776 by the surgeon who treated her. And this isn’t about OpenSea, it’s about the entire market. A recent study found that “the top 10% of traders alone perform 85% of all transactions and trade at least once 97% of all assets”. Looking at the numbers, the top 10 percent of “buyer–seller pairs” are as active as everyone else combined. It is market almost completely captured by whales.

When the platform that sold the NFT of Jack Dorsey’s first ever tweet for three million American dollars halts most transactions because counterfeit creators were selling tokens of content that did not belong to them, then I think we can all agree that there is a fundamental problem in the digital assets market.

Innovation

It looks as if NFTs are providing a platform for innovation in fraud as well as innovation in creative works. One of the most common kinds is what is known as “wash trading”, where groups of fraudsters trade an NFT between themselves, for an ever-higher price, until someone who is not part of the group and who thinks that the price is real (in colloquial English investment banking parlance, such individuals are known as “mug punters”) steps in to buy the “art”. At which point, the group split the proceeds between themselves, rinse and repeat. 

This kind of trading is rampant. OpenSea was recently overtaken in volume by LooksRare. LooksRare financially rewards users for their trading volume, which predictably means rogues gaming the system. Crypto analytics firm CryptoSlam estimated that more than four-fifths of the total trading volume since launching is in fact wash trading.

(Interestingly, a detailed Chainalysis study of the problem discovered a strong asymmetry: Most wash traders have been unprofitable, but the successful ones have profited so much that, as a group, wash traders have profited immensely.)

Having said that NFTs are a platform for innovation in fraud, I am forced to admit that I sometimes admire the ingenuity of some of the crypto hackers/loophole exploiters who have been getting work in this new world. Take, for example, the OpenSea “loophole” that was exploited because some NFT owners were unaware that their old sale listings were still active. These old listings were found, and the NFTs were purchased. This led to the loss of multiple expensive NFTs at rock bottom prices. The problem is that the NFTs were getting sold at old offer prices made when the NFTs were much less valuable. To give a specific example, one attacker paid a total of $133,000 for seven NFTs before quickly selling them on for $934,000 in ETH. (Five hours later this ether was sent through Tornado Cash, a “mixing” service that is used to prevent blockchain tracing of funds.)

As Tom Robinson of blockchain analysis company Elliptic explained, this ingenious (although I have to say, not that complex) fraud then led on to an even more fun fraud because OpenSea sent an email to users who still had old NFT listings, and were therefore susceptible to this fraud. However, cancelling the old listing requires an ETH transaction so the enterprising freelance alternative finance enthusiasts behind the original fraud then created bots to look out for these particular transactions and front-run them to purchase the NFTs before the listing was cancelled. In other words, by trying to be helpful and tell users to cancel the vulnerable listings, the marketplace gave away precisely the information need by the perpetrators to automate their attacks.

Scale and Scope

Not all frauds are particularly complex. An awful lot of money has been lost to very basic frauds such as the “rug pull”, whereby innovative cryptocurrency engineers announce the realise of a fabulous new digital asset that will do amazing things in the future, increase 100x in value in next to no time and cure cancer on the way. The public respond with enthusiasm and deluge the issuers with cash, at which point the issuers vanish, deleting their web site, Telegram chat and phoney LinkedIn profiles on the way. The public let the virtual cats out of the virtual bags and discover that they are left with nothing.

(MonkeyJizz was a scam! Who knew!)

There are frauds, though, that take more advantage of the nature of the new infrastructure. The “honeypot” is one such example. In a honeypot, the programmer of the smart contracts that control a new token inserts surreptitious code to ensure that only their own wallet can sell the tokens. Everyone else’s money is stuck in the honeypot while the scammer who created the tokens can sell at any time.

Mention of honeypots takes us on to the main point. Many of the most notable frauds that abound involve decentralized finance, or DeFi, projects, with more than $10 billion lost to DeFi theft and fraud last year. The ability to automate fraud in the DeFi space is a fascinating and terrifying development because of the sheer scale of the frauds that can be perpetrated but automated fraud is not limited to the web3 world, of course. PayPal (PYPL) recently closed 4.5 million accounts (and lowered its forecast for new customers) after discovering that bot farms were exploiting its incentives. The payments had offered $10 as an incentive to open new accounts, at which point the bot farmers stated tilling the PayPal fields.

The combination of automation and complexity is toxic and needs to be tackled up front. But how? Surely it should be one of the most basic tests of eligibility for a payment account that you are an actual human being! How is it so difficult to ensure that certain transactions are executed by people and not by bots! I hate to say it yet again, but the way forward is through a working, fit-for-purpose digital identity infrastructure. It should not be possible to open an account without an IS_A_PERSON credential, which as I insist on forecasting, will one day be the most valuable credential of all.

May I interest you in a credit card *bleep*

In August this year, eight teams gathered for the three-day final of DARPA’s AlphaDogfight trials. The teams had developed Artificial Intelligence (AI) pilots to control F-16 fighter aircraft in simulated dogfights. The winner beat the human USAF pilot in five dogfights out of five. I’m not really sure what this means for the defence of the free world, partly because I don’t know anything about air combat (other than endless games of Falcon on my iMac years ago) but largely because it seems to me that there is a context error in the framing of the problem. Surely the future of air warfare isn’t robo-Maverick dogfighting with North Korea’s top fighter ace but $100m Tempest fighters (which as Sebastian Robin pointed out in Forbes earlier this year, might make more sense as unmanned vehicles) trying to evade $1m AI-controlled intelligent drones and machine-learning (ML) swarms of $10,000 flying grenades that can accelerate and turn ten times quicker. The point about budget is important, by they way. Inexpensive Turkish drones have been observed in Syria and Libya destroying enemy armour that costs ten times as much.

As is often said then, we plan for the battles of the next war using the weapons of the last one. This is true in finance just as it is in defence. A couple of years ago, John Cryan (then CEO of Deutsche Bank) said that that the bank was going to shift from employing people to act like robots to employing robots to act like people. They put this plan in motion and earlier this year announced big staff reductions as part of a radical overhaul of operations. At the same time, the bank announced that it will spend €13bn on new technology over the next four years. These investments in infrastructure “are already making some humans at Deutsche unnecessary”. The bot takeover in banking is already happening.

It is not surprising to see this takeover happening so quickly, because there are many jobs in banks that are far simpler to automate than that of a fighter pilot. In India, YES Bank has a WhatsApp banking service that uses a chatbot (a conversational AI with extensive financial knowledge) to help customers to check balances, order cheque books, report unauthorised transactions, redeem reward points, connect with help desks and to apply for more than 60 banking products. And this is only the beginning. The Financial Brand reported on research from MIT Sloan Management Review and the Boston Consulting Group showing that only one in ten companies that deploy AI actually obtain much of a return on ROI. This is, as I understand it, because while bots are good at learning from people, people are not yet good at learning from bots. A robot bank clerk is like a robot fighter pilot, an artificial intelligence placed in the same environment as a human: when organisations are redesigned around the bots, then the ROI will accelerate.

Maverick

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

The robots will take over, in banking just as in manufacturing. So will you be served by a machine when you go to the bank five years from now? Of course not. That would be ridiculous. For one thing, you won’t be going to a bank five years from now under any circumstances. You’ll be explaining “going to” a bank to your baffled offspring just as you were explaining “dialling” a phone to them five years ago. But you won’t be going to your bank in cyberspace either. Your bot will. As I pointed out in Wired this time last year, the big change in financial services will come not when banks are using AI, but when customers are.

The big change in financial services will come not when banks are using AI, but when customers are. Click To Tweet

Think about it. Under current regulations, my bank is required to ask me to make decisions about investments while I am the least qualified entity in the loop. The bank knows more than I do, my financial advisor knows more than I do, the pension fund knows more than I do, the tax authorities know more than I do. Asking me to make a decision in these circumstances seems crazy. Much better for me to choose an approved and regulated bot to take care of this kind of thing. And if you are concerned that they may be legal issues around delegating these kinds of decisions to a bot, take a look at Ryan Abbott’s argument in MIT Technology Review that there should be a principle of AI legal neutrality asserting that the law should tend not to discriminate between AI and human behaviour. Sooner or later we will come to regard allowing people to make decisions about their financial health as dumb as letting people drive themselves around when bots are much safer drivers.

The battle for future customers will take place in landscape across which their bots will roam to negotiate with their counterparts – ie, other bots at regulated financial institutions – to obtain the best possible product for their “owners”. In this battle, the key question for customers will become a question of which bot they want to work with, not which bank. Consumers will choose bots whose moral and ethical frameworks are congruent with theirs. I might choose the AARP Automaton, you might choose the Buffett Bot or the Megatron Musk. Once customers have chosen their bots, then why would they risk making suboptimal choices around their financial health by interfering in the artificial brain’s decisions?

Imaging the world of the future as super-intelligent robots serving mass-customised credit cards and bank accounts to human customers is missing the point — just as imagining the world of the future as F-16s with robot pilots duelling M-29s with robot pilots is — because in the future the customers will be super-intelligent robots too.

[An edited version of this article first appeared on Forbes on 24th November 2020.]

War stories

The science-fiction action adventure movie Aliens is one of my all-time favourite films. I’ve watched it countless times, in the cinema, on video, on DVD and now on Blu-ray in the directors cut and the original theatrical release. I know the whole film off by heart yet I never get tired of watching it. Just like the original movie alien I think the visualisation is superb: it pretty much all looks real (except for one single effect, which is the drop ship entering the atmosphere).

James Cameron had several designers come up with ideas for the drop ship that took the Marines from the Sulaco to the planet. Design after design, he finally gave up on them to come up with on he liked and constructed his own drop ship out of a model of an apache helicopter and other spare model pieces.

[From Aliens (1986) – Trivia – IMDb]

I love the “Colonial Space Marines” and their equipment. I love the way they storm in and then have to survive as it all goes wrong. I love their vehicle and their assault cannons, their auto-sentries and their flamethrowers. Fantastic. And what exciting future it would be!

We all know, of course, that they won’t really be like that. The most advanced military machine that we have today, the US Armed Forces, already employs more drone pilots than actual pilots. They’re building robots that can climb stairs and sensors that fit in tiny mechanised bees. We would really fight the aliens on the distant planet LV-426 by sending in men and women? I don’t think so. By the time we’re mining asteroids in the year 3000, the standard intergalactic assault will be to send in nano bots to get a DNA sample of the enemy and then use it to engineer a virus that will wipe them out in a week. A couple of days after I wrote the first draft of this post, I read

From state-sponsored cyber attacks to autonomous robotic weapons, twenty-first century war is increasingly disembodied. Our wars are being fought in the ether and by machines. And yet our ethics of war are stuck in the pre-digital age.

[From Cyber and Drone Attacks May Change Warfare More Than the Machine Gun – Ross Andersen – Technology – The Atlantic]

As is often said, science fiction isn’t really about the future. It’s about now. The Colonial Space Marines fighting the aliens represent US Marines fighting asymmetric wars around the globe right now. (And just as in the movie, they won’t be held to win unless they take off and “Nuke it from orbit, it’s the only way to be sure”.)

The role of technology in the future of conflict will be critical but it won’t be romantic. I don’t see my great-grandchildren reading the equivalent of the Commando picture library that gripped me when I was a kid, or watching movies like Apocalypse Now or Saving Private Ryan.

In the future, everyone will be famous for fifteen megabytes