Category Archives: Technology Law

Blockchain, Digital Assets, DLT, NFTs, Technology Law

Dapper Labs Ruling Dunks on Private Networks

On February 22, 2023, The Honorable Victor Marrero of the United States District Court of the Southern District of New York released a 64-page opinion providing an instant classic exposition  of the Howey Test applied in a Web 3.0 context.  In denying Dapper Labs’s and its CEO’s Motion to Dismiss the unregistered securities offering case brought against them, the Court relies on logic and attention to detail while using an unobstructed view of the applicable law.  The decision can be easily unpacked and likely distilled to one overarching lesson:  market digital assets using your own private blockchain and marketplace and you should probably hire an SEC compliance lawyer beforehand.

In Friel vs. Dapper Labs, Inc., it is the marketing and sale of NFT “Moments” that give rise to Plaintiffs’ putative class action and not Defendant’s FLOW tokens – which were sold in an initial coin offering (“ICO”) outside the United States.  The Court defines NFTs as “digital assets whose authenticity and ownership can be recorded on a blockchain” and the underlying “Moments are a digital video clip of highlights from NBA games, such as a spectacular dunk or game-winning shot.”  Opinion at 9 (“NBA Top Shot is a platform or application, owned and operated by Dapper Labs and built on top of the Flow Blockchain. The purpose of the NBA Top Shot application is primarily to provide a platform to sell “Moments,” the alleged security at issue in this action.”). The Court could have also labeled Moments “programmable digital assets or PDAs” given these digital assets are both programmable for purposes of writing on a blockchain as well as “programmable” for purposes of automating transactions, e.g., the use of royalty payments.

As with most PDAs/NFTs, “[o]wnership of a Moment is limited to only the NFT itself. When a person purchases a Moment, the owner does not acquire any rights to the basketball highlight depicted by the NFT or the underlying artwork or other intellectual property, and thus does not acquire any rights to exploit the highlight without the express permission of the NBA, NBAPA, and Dapper Labs.”  Opinion at 10.

The Court’s ruling ultimately addressed “whether Moments are more like cardboard basketball cards, i.e., commodities, or more like crypto tokens.”  Opinion at 20.  And, in so doing, it was standing on new ground given that “no other courts have addressed either the exact substance or posture of the dispute here:  whether allegations that an unregistered offer for purchase or sale of, specifically, an NFT constitutes an investment contract under Howey and thus survive a motion to dismiss under Rule 12(b)(6).”  Id.   

The Court had little problem denying the Motion to Dismiss and finding Moments could potentially constitute “investment contracts” based on “the plausible allegations that Dapper Labs maintains private control over the Flow Blockchain, which significantly, if not entirely, dictates Moments’ use and value; that Dapper Labs touted Moments as a means for purchasers to realize substantial profits through the low sale prices for packs and marketing of the substantial profits others had made through sale on Dapper Labs’s proprietary Marketplace; and that without Dapper Labs’s essential efforts in maintaining the Flow Blockchain and Marketplace, Moments would be valueless.”  Opinion at 63.

The fact that Dapper Labs controls the marketplace where Moments are sold as well as the private blockchain where they are minted and associated transactions are recorded were the primary reasons why the Court ruled as it did.  Opinion at 11 (“[P]eople may acquire Moments through a secondary marketplace, hosted on the NBA Top Shot application and created and controlled by Dapper Labs (the “Marketplace”). In the Marketplace, Moments owners can re-sell individual Moments they acquired in packs or that they bought from other Moments owners. They may also gift Moments. Ownership of the Moments, the price paid for the Moments, and the transfer and sale of the Moments in the Marketplace are all recorded on only the Flow Blockchain.”).

Judge Marrero begins his legal analysis by referencing the definition of an “investment contract” found in the seminal case SEC v. W.J. Howey Co. where the Supreme Court of the United States defined an “investment contract” as “a contract, transaction or scheme whereby a person invests [their] money in a common enterprise and is led profits solely from the efforts of the promoter party.” Opinion at 17 – 18 (citing SEC v. W.J. Howey Co., 328 U.S. 293, 298-99 (1946)).

As pointed out by the Court, some of the instruments that “at first blush” would not appear as securities include whiskey casks, chinchillas, and rare coins.  Opinion at 19.  Similarly, PDAs/NFTs may not at first blush appear like an “investment contract”.  The Court reasoned that the Dapper Labs token “FLOW is part of the economic realities of the investment scheme in dispute. And, moreover, the Court finds that Defendants are wrong that Dapper Labs’s “embrac[ing] a new technology – NFTs – does not change the underlying legal analysis.” (Id.) In stark contrast to Defendants’ contention, “the involvement of blockchain technology does [] alter” the conclusion, as the Plaintiffs’ allegations make plausible that but for Dapper Labs’s creation, development, and maintenance of the private Flow Blockchain, Moments would have no value.”  Opinion at 22.

Buttressing its view that the private nature of the Flow Blockchain is what sets this case apart, the Court cites a law review article for the following proposition:  “Private blockchains use the same technology as public blockchains, however, a single entity administers them. This results in more control for the entity to restrict permission or allow access to only approved, or invited users.”  Opinion at 4, n. 4See also Opinion at 23 (“In each case, the promoters privatized their ledger, making the purchasers reliant upon the promoter for the asset’s value. That similarity is true whether the instrument is a crypto token or an NFT. And it is the critical similarity here.”).

Again, it is ultimately control over the private blockchain that drives the ruling:

The interplay among FLOW, the Flow Blockchain, and Moments is necessary to the totality of the scheme at issue. Plaintiffs have alleged that, without FLOW tokens, no transactions on the Flow Blockchain can be validated. Indeed, the “Proof-of-Stake” mechanism employed by the Flow Blockchain requires FLOW to power it and incentivize miners to validate transactions. In that respect, FLOW’s utility creates value for Moments through the network’s consensus as to ownership and the price of each transaction.

Opinion at 22.

Indeed, the Court affirmatively states as much:  “[T]he economic realities and technological interplay between FLOW, the Flow Blockchain, and Moments, as alleged by Plaintiffs, are what supports the Court’s conclusions.”  Opinion at 23See also Opinion at 62 (“The allegations that Dapper Labs created and maintains a private blockchain is fundamental to the Court’s conclusion. By privatizing the blockchain on which Moments’ value depends and restricting the trade of Moments to only the Flow Blockchain, purchasers must rely on Dapper Labs’s expertise and managerial efforts, as well as its continued success and existence. As Plaintiffs allege, this is unlike public blockchains, such as that underlying Bitcoin.”) (emphasis added).

Plaintiffs were found to allege a scheme providing directly correlated value between FLOW and Moments, “[i]nsofar as FLOW is necessary to creating the value of Moments via blockchain validation with “[t]he economic impact [being] that as more value is created on top of the Flow [B]lockchain, more demand is generated for FLOW tokens.”  Opinion at 23.

As for the respective component prongs of the Howey Test, such as the “common enterprise” requirement, the Court largely relied on what it called “the ICO Cases” and found this pooling of interests prong satisfied given “allegations plausibly tied the funds received by the promoter through the offering to an improvement of the ecosystem (i.e., the private blockchain) that consequently increases the value of the token offered during the ICO.”  Opinion at 28See also Opinion at 32 (“Plaintiffs allege that Dapper Labs has pooled Moments purchasers’ funds to raise additional capital, outside of and along with revenue, to ensure the Flow Blockchain does not collapse. The reasonable inference to draw from these allegations is that the capital Dapper Labs raises through the offer of Moments is used to develop and maintain the Flow Blockchain.”); Opinion at 34 (“Plaintiffs have alleged that purchasers of Moments are “hitching their wagons to the continued success of NBA Top Shot, [and] to Dapper Labs and the Flow Blockchain that underlies the platform. . . . If the fortunes of Moments purchasers were entirely divorced from the success of Dapper Labs’s Flow Blockchain, then such price reactions based on Dapper Labs’s management of the Flow Blockchain would be unlikely.”); Opinion at 56 (“[I]f Dapper Labs became insolvent and purchasers were unable to trade their Moments on the Marketplace, purchasers would lose the value of their Moments.”).

Of note, the Court rejected any temporal bar that would provide a safe harbor for promoters who waited until their project was far along before introducing the purported investment contract element.  Opinion at 30 (“Implementing the temporal bar that Defendants urge is impractical and would inappropriately limit the scope of investment contracts to pre-development initial offerings.”).

Shared success was found in the fact that Moments’ continued value is contingent on the success of Dapper Labs.  Moreover, this was reasonably inferred given “Dapper Labs controls the Flow Blockchain” and “all that Moments purchasers own is, essentially, the line of code recorded on the Flow Blockchain, as no other rights to use or display the image are transferred.” Opinion at 36

The Court also found that “Defendants’ public statements and marketing materials objectively led purchasers to expect profits.”  Opinion at 45.  Moreover, under the applicable test, the promise of profits must also be “derived from the entrepreneurial or managerial efforts of others.”  Opinion at 52.    More specifically, “[t]he law requires [] that . . . the efforts of the promoters . . . must be necessary to the success of the venture, such that without them, the ‘investments would be virtually worthless.’”  Opinion at 53 (citation omitted). Plaintiffs easily satisfied this requirement for purposes of the Motion to Dismiss.

And finally, the Court broadly concluded that “Defendants’ failure to acknowledge the blockchain technology that underlies Moments is fatal to their Motion in this respect. Without Dapper Labs’s continued maintenance of the Flow Blockchain and the “token that powers it all,” FLOW, Plaintiffs’ [complaint] plausibly alleges that Moments would have no value.” Opinion at 54See also Opinion at 56 (“a company’s efforts to develop and maintain an ecosystem for trading sufficiently establishes the third Howey prong.”); Opinion at 57 (“Dapper Labs’s implicit promise to maintain the Flow Blockchain and facilitate trades on the Marketplace drive Moments’ value.”).

While the Court made the correct ruling as to Dapper Labs, there is always the possibility a future court might misconstrue what was done to the disadvantage of others selling PDAs/NFTs using, for example, a layer 2 platform build on a public blockchain or on a platform not reliant on a native token ecosystem.  Such potential future ruling would be an obvious bridge too far. 

The Court recognizes the potential for such mistakes being made prior to signing off by providing a disclaimer that “[n]ot all NFTs offered or sold by any company will constitute a security, and each scheme must be assessed on a case-by-case basis.”  Opinion at 62.

It is highly unlikely that the Court’s ruling could be used against a fine art PDA/NFT platform using public blockchain networks. The Court even acknowledges that truly individual and unique items such as artwork would not easily square with its ruling.  See Opinion at 35 (“In each of the cases cited by Defendants, horizontal commonality did not exist because there was no causal connection between “unique pieces of artwork” being sold and the promoter making the offering.”) (citing Dahl v. English, 578 F. Supp. 17, 20 (N.D. Ill. 1983)); Opinion at 36 (“[I]f, hypothetically, Dapper Labs went out of business and shut down the Flow Blockchain, the value of all Moments would drop to zero. That is the critical causal connection that other collectibles cases lack, and which is alleged here.”); Id. (“Assessing those allegations in connection with the analogy Defendants favor – cardboard basketball cards – reveals the flaw in their analysis. Hypothetically, if Upper Deck or Topps, two longtime producers of physical sports trading cards, were to go out of business, the value of the cards they sold would be wholly unaffected, and may even increase, much like posthumously discovered art.”).

On the chance a PDA/NFT sale couples with the physical twin underlying it, there would stand yet another reason to distinguish this decision.  See Opinion at 52 (“Other than Dapper Labs’s self-serving definition of Moments as “Art,” Defendants concede that the definition connects only to “the videos and pictures underlying each Moment,” which purchasers do not own, thus ignoring that the “totality of the evidence” supports a finding that Moments were purchased with “investment intent.”); Opinion at 58 (“[W]hile Moments purchasers may “own” the NFT (or line of code that indicates ownership on the blockchain) they have no rights to the underlying intellectual property the NFT depicts.”).

Fine art NFTs also retain another point of distinction with Moments given fine art NFTs will always have intrinsic value.  As recognized by the Court, “Defendants’ argument that “Dapper’s marketing efforts would have no effect on the value of the basketball cards being sold, because each card has an inherent worth” is contradicted by Dapper Labs’s Terms of Use for the NBA Top Shot application, which repeats four times that Moments have “no inherent or intrinsic value.”  Opinion at 57See also SEC v. Kik Interactive, Inc., 492 F. Supp. 3d 169, 180 (S.D.N.Y. 2020) (“Unlike real estate, Kin have no inherent value and will generate no profit absent an ecosystem that drives demand.”).

Almost as an aside, it is also hoped that future courts citing this decision do not value too highly the Court’s comment regarding the hyping of sales – something every promoter or seller does in some form or another.  See Opinion at 55 (“Plaintiffs also plausibly allege that the value of Moments in the secondary market depends upon Dapper Labs’s ability to maintain hype and keep purchasers interested in buying and trading Moments.”).   Fine art gallery owners certainly routinely “hype” their artists in the secondary market and such conduct standing alone should never point the needle in any one direction.   

And finally, to the extent the Court extols in general terms the virtues of blockchain technology as a way of demonstrating why the entire Flow ecosystem – including Moments, necessarily relied on Dapper Labs’s success, the failure to parse between private and public blockchains might cause a future court into mistakenly equivocating privately-run blockchain network with a true public one.  See Opinion at 57 – 58 (“Plaintiffs plausibly allege that Moments would be worth far less without the price transparency and trust that the Flow Blockchain enables as well as Dapper Labs’s facilitation of trading on the Flow Blockchain via the Marketplace.”).  Overall, this language comes off as slanted in a single direction without proper distinctions being made but this criticism remains a minor quibble in an otherwise extremely well-written decision. 

There are certainly valid reasons why platforms built on private blockchains should be treated differently from public blockchains and likely why Voice wisely recently made the move to a public blockchain. Platforms that use native tokens such as Rarible with its RARI token may also have to strategize a bit after this decision. And finally, private blockchains focused on NFTs such as WAX may have to decide how the efforts of its promoters are compensated. At some point in the future, the fact that the Cayman Islands company “Exposition Park Holdings SEZC” owns the intellectual property filings referenced below may create a problem for the WAX ecosystem:

Going forward, the safest approach to take for those looking to build out a PDA marketplace is to partner with a company that has built a platform from the ground up using a public blockchain and without the use of a platform native token or any other direct means of controlling the value of the digital assets marketed using the platform. And, the PDAs/NFTs sold using such a platform least likely to be considered investment contracts are the fine art ones underlying the nascent Digital Art Movement now well underway.

Blockchain, Digital Assets, DLT, Intellectual Property, NFTs, Technology Law

NFTs are Dead, Long Live PDAs

The year may not be 1422 and the ascension of Charles VII to the French throne may not mean much six hundred years later but a formal transition of power from the “non-fungible token” blockchain throne is finally in order – with “programmable digital assets” – or PDAs, taking the place of NFTs.

Built on the same sort of blockchain technology underlying every Bitcoin ever mined, a non-fungible token is merely a digital reference certificate of ownership containing the provenance and ledger of all activity surrounding a specific digital asset. On November 13, 2018, Christie’s New York became the first auction house to register a high-end art sale on a blockchain platform with its $317,801,250 sale of the Barney A. Ebsworth collection.   In other words, the provenance utility of blockchain as a “secure digital registry” was already proven four years ago.

Because they are recorded on a public blockchain, NFT activities can be viewed by the public and any manipulations of data easily discovered.  Indeed, this ability to discover manipulations caused many to consider blockchain entries a sort of immutable ledger – an overstatement but still a useful analogy.

Despite representing only 10% of the total volume in NFT transactions, fine-art NFT sales remain the most fertile growth area for NFTs going forward.  As astutely pointed out by the owner of a leading fine-art NFT marketplace, “cryptographically provable scarcity provides value, while decentralization provides security and transparency — qualities that make both art and cryptocurrencies valuable. The NFT art movement may be nascent, but it has increased its pace from a crawl to a sprint, and the world is taking notice.”  Where Gemini is wrong, however, is in thinking the “NFT art movement” would go any further than it already has in its present incarnation.

While the term “non-fungible token” is technically accurate, it was always somewhat misleading given the term focuses only on the uniqueness of the asset, which may be a key characteristic but certainly is not the sine qua non of these digital assets.  The technology underlying NFTs offers much more than the ability to represent a unique digital item. NFTs have always been created using smart contracts, which are self-executing contracts with the terms of the agreement between buyer and seller directly written into the code.  In other words, NFTs can be programmed to perform actions or facilitate certain transactions after certain conditions are met.  For example, these digital assets could be programmed to automatically transfer ownership to a new owner when certain conditions are met, such as the passage of time or the payment of a certain amount of money.

This ability to program using smart contracts provides a level of functionality and flexibility that goes well beyond merely representing a unique digital item.  Art sold as an NFT, for example, can for the first time automatically transfer financial support to a charity of the artist’s choosing.  In other words, these unique fine art objects are much better described as programmable digital assets rather than NFTs even though a “programmable digital asset” can technically be fungible.

A nomenclature change is now in order because the term “non-fungible token” never adequately conveyed potential other use cases for NFTs. While NFTs are often associated with collectibles, they have the potential to be used in a wide range of applications, including supply chain management, provenance, and even real estate transactions. By only highlighting the “non-fungible” aspect of these digital tokens, one overlooks other potential uses and applications – characteristics that can make the art component of the token active and subject to change unlike the dominant static art already in existence for millennia.

At its essence, the term “programmable digital assets” more succinctly captures the potential range of capabilities and uses for these digital tokens, and certainly better conveys their unique position as a new type of digital asset, namely one that is programmable. The off-putting term “non-fungible” conveys a single attribute that can easily be part of a broader marketing discussion.

There is no denying the term “non-fungible token” has gained widespread use and recognition – much of it negative in recent months, so it will be difficult to completely shift to any new terminology without having significant marketing dollars thrown at the problem. Nevertheless, with awareness for NFTs evolving in a negative direction – whether Trump or fraud driven, it becomes even more crucial to apply a new product term.  This new term might as well more accurately reflect the full potential of these novel assets. 

Industry advocates would be smart to do whatever it takes so that NFTs relinquish their throne to a new and more progressive named successor no matter what the cost.  In some ways, this change is already under way. On July 7, 2022, Reddit announced it would introduce “Blockchain-Backed Collectible Avatars” – limited-edition digital assets created by artists which provide unique Reddit platform benefits to owners. 

Despite very much being NFTs, the Reddit announcement did not use the term NFT even once. Maybe in the future a company with deep marketing resources will simply try and co-opt the entire market category by using its own “brand worthy” naming convention for “programmable digital assets” .  Until that happens, however, we should help PDAs succeed NFTs.

It might be easier to imagine this name change a reality while having a Dunkin’ coffee and trying to envision what an EskimoPie or Uncle Ben’s rice pudding dessert with Aunt Jemima syrup would taste like or what an old Weight Watchers ad might look like if played while watching the Washington Redskins’ 1992 Super Bowl victory. 

Behavioral Advertising, Privacy, Social Media, Technology Law

World Phone is Allowed to Pursue Meta in Regulatory Proceeding

On December 8, 2022, the High Court of New Delhi ruled that World Phone “may be allowed to participate, both by means of written representation and oral submissions” before the Telecom Regulatory Authority of India (TRAI). Such relief was granted despite opposition by Respondents Facebook and WhatsApp.

In addition, the Court ruled: “Considering the extensive prevalence and use of internet telephony, TRAI would expeditiously conduct this stakeholders’ consultation and give its recommendations accordingly.” In other words, not only must TRAI consider the submissions of World Phone, it must quickly deliberate regarding its recommendations.

On one level, the Court passed the buck on this matter given no substantive ruling was reached regarding the underlying merits of the Petition. On the other hand, there was a stern message set forth in the Order regarding how the Government of India has shifted in its approach to over-the-top services and that it may be the time to reign in Meta before it is too late. World Phone – a company that has been battling Facebook since 2015, will do what is needed to assist in that endeavor.

Behavioral Advertising, Intellectual Property, Technology Law

ChatGPT

On December 7, 2022, ChatGPT was asked “write a 450 word essay on how ChatGPT works and how it can impact Web 3.0 in the future.”

Here’s how it responded:

ChatGPT is a cutting-edge natural language processing (NLP) model developed by OpenAI. It is a variant of the popular GPT-3 model, which is known for its ability to generate human-like text. Unlike GPT-3, however, ChatGPT is specifically designed to handle conversational language, making it a powerful tool for building chatbots and virtual assistants.

ChatGPT works by processing a sequence of words and predicting the next word in the sequence based on the context of the words that came before it. It uses a deep learning algorithm called a Transformer, which allows it to analyze large amounts of text data and learn the patterns and relationships between words in a given language. This allows ChatGPT to generate text that is coherent and relevant to the conversation at hand.

One of the key advantages of ChatGPT is its ability to handle a wide range of conversational scenarios. It can handle simple tasks like answering basic questions or providing information, as well as more complex tasks like carrying on a multi-turn conversation or responding to open-ended prompts. This makes it an ideal tool for building chatbots and virtual assistants that can help users with a variety of tasks.

In the future, ChatGPT and other advanced NLP models like it could have a significant impact on Web 3.0. Web 3.0, also known as the Semantic Web, is the next generation of the internet, where information is organized and interconnected in a way that allows machines to understand and interpret it. With the help of advanced NLP models like ChatGPT, machines will be able to process and understand natural language, allowing them to interact with users in a more natural and intuitive way.

For example, imagine using a virtual assistant to help you plan a trip. With the help of ChatGPT, the assistant could understand your requests and preferences, and provide personalized recommendations for flights, hotels, and activities based on your specific needs. It could even handle complex tasks like booking reservations and making payments, freeing you from the tedious and time-consuming task of doing it yourself.

In addition to making everyday tasks easier and more efficient, ChatGPT and other advanced NLP models could also have a major impact on industries like healthcare, finance, and education. For instance, chatbots powered by ChatGPT could be used to assist doctors in diagnosing and treating patients, or to provide personalized financial advice to investors. In the education sector, chatbots could be used to provide personalized tutoring and support to students.

In conclusion, ChatGPT is a powerful natural language processing model that has the potential to revolutionize the way we interact with machines. With its ability to handle complex conversational scenarios and understand natural language, it could have a major impact on Web 3.0 and a wide range of industries in the future.

++++++

Given the fact ChatGPT obtained over a million users in under a week, it won’t be long before the company that launched this tool is eventually purchased by Microsoft or Google – especially given it is a direct threat to their multiple billion dollar revenue streams.

Blockchain, Copyright Infringement, Digital Assets, DLT, Intellectual Property, NFTs, Technology Law

IP Rights in NFTs, Part I

On August 31, 2022, VC powerhouse Andreessen Horowitz released a series of license templates focused on helping NFT projects create more certainty in intellectual property matters.  This comes on the heels of an August 19, 2022 report, “A Survey of NFT Licenses: Facts & Fictions” that concludes the “vast majority of NFTs convey zero intellectual property ownership” to their owners. 

Seeking to create certainty where none currently exists, the released licenses provide different approaches for NFT projects:

According to Andreessen’s Horowitz’s General Counsel, these licenses “were inspired by 20-plus years of work by the Creative Commons.”  Working with two law firms and several of their portfolio companies, the licenses have been incorporated into a Github repo so creators can build them directly into the smart contracts used in their NFT projects. And, they have been all released under the Creative Commons Zero open source license.  Andreessen Horowitz also claims that its licenses are “legally irrevocable” and create certainty in the marketplace after the license is deployed. 

All of this is of course wishful thinking. 

No matter how noble its motivations, Andreessen Horowitz cannot unilaterally dictate when licenses will be “legally irrevocable” in the same sense a smart contract deployed on one platform may not be enforceable when a minted NFT using that same smart contract is sold on another platform.  Given the many different NFT platforms deployed, this is just one of many issues that likely more pressing.  As for what a suitable NFT intellectual property framework would actually look like, that really depends on the platform used.

Blockchain, Digital Assets, DLT, Network Security, Technology Law

Axie Infinity’s Sidechain Suffers Massive DeFi Exploit

On March 29, 2022, the developers behind the Ronin Network – an Ethereum sidechain used to support the decentralized game Axie Infinity, announced a major exploit.  The developers revealed that an attacker used hacked private keys from four Ronin Validators and a third-party validator run by Axie DAO – out of a total of nine, to forge withdrawals of 173,600 ETH and 25.5M USDC – valued at over $625 million. 

This sort of 51% consensus attack plagued the proof of work crypto community since its early days but largely fizzled out as a threat as the major blockchains grew more complex and the number of mining nodes grew into the thousands.  The fact that the Ronin sidechain only had nine validators for its exit bridge – with a majority being a mere five of the nine, was a security failing by most vantage points.  Not surprisingly, to “prevent further short term damage”, the Ronin Network immediately “increased the validator threshold from five to eight.” And, more importantly, the network “will be expanding the validator set over time, on an expedited timeline.” 

The race to mass adoption of new networks has caused many DeFi platforms to forego a security-first design.  Rather than viewing such an approach as time-consuming or stifling growth, new networks competing with Bitcoin and Ethereum and underlying many new DeFi platforms, must recognize that only with trust will this community ever grow beyond its current early adopters.

UPDATE: March 30, 2022

According to a text message sent to Bloomberg by Aleksander Leonard Larsen, chief operating officer of the developer behind the Ronin Network, Sky Mavis: “We are fully committed to reimbursing our players as soon as possible. . . We’re still working on a solution, that is an ongoing discussion.”

Blockchain, Digital Assets, DLT, Intellectual Property, NFTs, Technology Law

Frosties Rug Pull Demonstrates Community is Key to NFT Projects

On January 9, 2022, creators of the Frosties NFT Collection abandoned their project after investors spent over $1.2 million buying the entire inventory of digital “cartoon ice cream” characters. The money received by the creators was transferred the same day.

Relying on the Chinese lucky number 8 four times over, the collection of 8,888 Frosties was described as “Cool, Delectable, and Unique” and quickly sold out based on claims made by the creators.  Their project website – which has since been taken down, promises the following:

Frostie NFTs are made up of over a hundred exciting traits of backgrounds, body, clothing, eyes, mouths, eyewear, hats, toppings, and items. Each Frostie is a unique, non-fungible token (NFT) on the Ethereum blockchain.

Frosties will have staking, metaverse, breeding functions, and so much more!

Holding a Frostie allows you to become eligible for holder rewards such as giveaways, airdrops, early access to the metaverse game, and exclusive mint passes to the upcoming seasons.

The Frosties presale will take place on January 7th and the main sale will take place on January 8th.

Join the Frosties community on Twitter and Discord!

After the January 8, 2022 public drop of Frosties at a floor of 0.04 ETH, the project’s Twitter and Discord server accounts were taken down and in a “rug pull” the floor price was removed.  It was also a cash grab given the NFTs stayed with their new owners whereas the creators stopped all further efforts to build or benefit the community.

What happened next is instructive.  First, the value of the underlying NFTs have been selling both low and very high.  In other words, the market is now dictating the pricing and life goes on with how these assets are going to be priced.

As for moving forward with the project, the Frosties Rug Pull demonstrates that projects can go forward with or without the original creators.  The key is to have a passionate community and at least a few folks who can help lead the charge from a technical perspective. 

In the case of Frosties, someone named EsahcHslaw took charge and posted on reddit:  “We are wrapping Frosties under a new contract for those who want to continue to hold while the project kicks off again. Old dev won’t gain royalties this way. The community will own the funds. Community ran, doxxed multisig, roadmap, website, new Twitter. DM for DC server invite.” 

By removing the possibility of creators obtaining future royalties, Frosties owners effectively removed the creators from the project going forward.  And, if the Frosties community continues growing organically – with new social media channels and active community involvement, the Frosties Rug Pull will demonstrate that an active community is the primary engine for driving NFT value.

UPDATE: March 25, 2022

Federal prosecutors New York charged two in a criminal complaint with conspiracy to commit wire fraud and conspiracy to commit money laundering, in connection with the Frosties rug pull.

As set forth in the March 24, 2022 DOJ press release, “Mr. Nguyen and Mr. Llacuna promised investors the benefits of the Frosties NFTs, but when it sold out, they pulled the rug out from under the victims, almost immediately shutting down the website and transferring the money. Our job as prosecutors and law enforcement is to protect investors from swindlers looking for a payday.”

Blockchain, Digital Assets, DLT, Network Security, Risk Management, Technology Law

Defi Security Growing Pains Continue with BitMart Breach

On December 6, 2021, crypto exchange BitMart – which bills itself as “The Most Trusted Crypto Trading Platform”, announced a security breach “mainly caused by a stolen private key that had two of our hot wallets compromised.”   A tweet from security analysis firm PeckShield first called attention to this hack days earlier.  According to Peckshield, the loss is around $196 million.  Interestingly, BitMart at first denied there was any hack – claiming it was “fake news”.

According to the BitMart Twitter release:  “At this moment we are temporarily suspending withdrawals until further notice.”  A Telegram “ask me anything” is scheduled for 8:00 p.m. est this evening.

Similar to what was done by other centralized crypto exchanges after a security incident, BitMart will use its own funds to compensate users impacted by the theft.   

The BitMart theft comes on the heels of a report by London-based consulting firm Elliptic revealing billions of dollars stolen from DeFi platforms.  According to Elliptic’s recently released report, the overall losses caused by DeFi exploits total $12 billion and of that amount, fraud and theft accounted for $10.5 billion, seven times the amount from last year.

Thefts hitting crypto exchanges such as BitMart and DeFi protocols such as Poly Network shine a light on the fact DeFi is largely driven by startups lacking cybersecurity maturity.   In contrast, the financial institutions that literally spend billions on cybersecurity want no part in helping DeFi projects; and more likely, welcome cyber incidents that tarnish DeFi’s reputation.  Until they reach a higher level of security and such incidents become less commonplace, DeFi projects will continue making platform users whole after a security incident – or risk a total collapse in the market for non-money laundering usage. 

Depending on their popularity, open-source products can be highly secure and DeFi should be no different. At some point in time – after decentralized protocols are adequately security tested and implemented and DeFi projects become fully independent and organic and not reliant on any centralized cloud solution or centralized servers, breaches such as the one that hit BitMart will be rare.  In other words, as the market and business opportunities for DeFi increase in scale and scope DeFi’s security profile will naturally evolve.

Accounting Firm, Electronic Health Records, Litigation Management, Network Security, Risk Management, Technology Law

B2 – B1 < (P x H)1 – (P x H)2

On February 16, 2021, The Sedona Conference (TSC) – a nonpartisan, nonprofit research and educational institute “dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation and intellectual property rights”, released its final “Commentary on a Reasonable Security Test“.  TSC is well known for previously helping Courts around the country determine the proper contours of e-discovery.  

Recognizing that cybersecurity reasonableness crosses both legal and technology domains, TSC sought a reasonableness test that would help bridge that divide.  Accordingly, the proposed test for reasonable security was designed to be consistent with “models for determining reasonableness that have been used in various other contexts by courts, in legislative and regulatory oversight, and in information security control frameworks.” The Sedona Conference, Commentary on a Reasonable Security Test, 22 SEDONA CONF. J. 345, 358 (forthcoming 2021).  To that end, this test is ultimately based on the landmark Learned Hand negligence test in United States v. Carroll Towing Co., 159 F.2d 169, 173 (2nd Cir. 1947).  

The Sedona Conference Reasonable Security Test consists of “B2 – B1 < (P x H)1 – (P x H)2” where B represents the burden, P represents the probability of harm, H represents the magnitude of harm, subscript 1 represents the controls (or lack thereof) at the time the information steward allegedly had unreasonable security in place, and subscript 2 represents the alternative or supplementary control.  22 SEDONA CONF. J. at 360.  

TSC’s Commentary should be carefully studied for numerous reasons, including the fact TSC applies it to actual recent enforcement actions and provides solid arguments for its judicial application.  No different than its highly cited e-discovery initiatives, this new TSC approach may very well be relied on by courts tackling the important question of what constitutes reasonable security in the context of a data breach litigation or enforcement action.

Blockchain, Digital Assets, DLT, Intellectual Property, Technology Law

The DeFi End Game

A skilled chess player will tell you the best way to study chess at a high level is to first study endgames and truly learn the power of each piece.  Memorizing book openings generally comes last.  If one wants to learn about the insurance industry, first take a job in the claims department.  In a similar way, students of disruptive technologies benefit from first learning their “end game”.  

Blockchain is one disruptive technology that still has not fully discovered its business sea legs.  The purported proxy for blockchain – Bitcoin, recently hit all-time highs so naturally on January 3, 2021 a forecaster placed a ten-year target of $1 million on this speculative asset.   Every good bubble requires inflating and the very speculative Bitcoin bubble currently being massively inflated by hedge fund money is no different.   

Bitcoin’s bubble ascension does not mean, however, the seismic blockchain and distributed ledger technology (DLT) shifts taking place over the past five years in the financial industry have been illusory or should be ignored.  As previously recognized, “acceptance of blockchain technology by the financial industry will be indelible proof those mistakes of 1995 made by retail sales and marketing companies will not be repeated by the financial industry.” 

Over the past several years, financial titans have reluctantly come out swinging in favor of convertible virtual currency (CVC) transactions.  For example, most US PayPal customers now have the ability to buy, sell and hold four different cryptocurrencies – BTC, ETH, LTC, and BCH, and use them as a funding source with the company’s 26 million merchants.  Presently, PayPal’s maximum dollar amount for weekly CVC purchases is $20,000 but even that relatively high consumer amount will likely change upwards as Paypal moves up the financial transaction food chain – with Paypal’s Venmo next in line.

The largest bank in the United States – J.P. Morgan Chase, launched its JPM Coin in 2019, and in October 2020 set up an entirely new business, Onyx, as an umbrella for its blockchain and CVC initiatives – including JPM Coin.  According to Jamie Dimon, Chairman and CEO of J.P. Morgan:  “Onyx is at the forefront of a major shift in the financial services industry. This new business unit reflects J.P. Morgan’s commitment to innovation as we continue to build cutting-edge technology that delivers a better, faster and more inclusive financial system.” On December 10, 2020, J.P. Morgan announced it completed a live, blockchain-based intraday repo transaction using JPM Coin.  And, Visa has filed a patent application for what may seem perfunctory, namely recording digital currencies on a blockchain.

Apart from these blockchain-based efforts, there is a whole category of blockchain initiatives that will forever fundamentally alter the broader financial sector – to the likely chagrin of PayPal, J.P. Morgan, and Visa. The banner name for these new blockchain and DLT initiatives is “DeFi”, or decentralized finance.

In December 2019, the entire Total Value Locked (TVL) in the DeFi market was worth less than $700 million, by the end of December 2020 it grew to $14 billion, and as of January 5, 2021 the total TVL in DeFi was at over $19 billion and growing – representing a staggering growth trajectory.  The TVL in the DeFi market represents all DeFi projects but is largely driven by the lending platform MakerDAO – a decentralized credit platform supporting Dai, a stablecoin pegged to the US dollar.  Decentralized exchanges (DEXes) such as Uniswap largely make up the remaining bulk of projects.  DEXes enforce trading rules and execute trades without charging the high fees normally associated with alternative investment trades.   

A commitment of $19 billion to DeFi initiatives may seem miniscule compared to, for example, the over $6 trillion in foreign exchange trades conducted each day.   On the other hand, each DeFi transaction potentially empowers individuals while at the same time weakening the grip over the monetary system currently held by central banks and finance intermediaries – a true game changer by any measure.

Generally relying on the public Ethereum blockchain platform, most DeFi projects deploy smart contracts to automate what previously required human intervention – obviating the need for central authorities such as banks or intermediaries.  DeFi Pulse nicely showcases the benefits of DeFi by describing it as “money Legos” and giving the following example:

Compound is a money market or, in other words, a lending service on Ethereum. When you supply DAI to Compound, you receive cDAI tokens which represent both your DAI in Compound and any interest you’ve earned from lending. Since cDAI is a token, you can send, receive, or even use cDAI in other smart contracts. Money Legos in action: ETH into MakerDAO to mint DAI tokens, DAI being supplied to Compound, cDAI tokens can be used in other DApps.  For example, you can swap ETH for cDAI on a DEX and instantly start earning interest for just holding cDAI. And because you choose how you interact with smart contracts on the blockchain, you can use a DEX aggregator like DEX.AG to compare and trade at the best prices across all the popular DEXes, all within seconds.

In 2021, crowdfunding will help fund some of the DeFi startups looking to eventually disintermediate the more traditional financial firms these startups would otherwise approach for financing.   As of November 2020, online platforms can raise up to $5 million in seed capital in a State-preempted manner – with previous platforms raising hundreds of millions of dollars using the prior SEC Regulation Crowdfunding cap of $1.07 million.  Even though a typical crowdfunding online platform itself breaks away from traditional centralized banking platforms its success is not relevant for purposes of the DeFi initiatives potentially opened up by Regulation Crowdfunding.  What may be more relevant are the new ideas coming to market without the latent influence of legacy financing.  

Before widespread adoption of any DeFi product is even feasible, however, regulatory scrutiny will be needed to protect consumers onboarding these new DeFi applications.   Given that a CVC wallet is the exit ramp for many DeFi initiatives, it is no surprise that has been an area of regulatory interest.  For example, the US Treasury’s Financial Crimes Enforcement Network (‘‘FinCEN’’) recently proposed a rule that would require banks and money service businesses to file a report with FinCEN containing information related to a customer, their CVC transaction, and counterparty (including name and physical address) “if a counterparty to the transaction is using an unhosted or otherwise covered wallet and the transaction is greater than $10,000.” FinCEN is issuing regulations on transactions using digital currency wallets because the growth of individual CVC transactions will continue unabated.  

While providing a suggested Token Safe Harbor Proposal, SEC Commissioner Hester M. Peirce offered an excellent analysis of the “regulatory Catch 22” faced by decentralized networks looking to comport with SEC regulatory law. In addition to Commissioner Peirce’s forward thinking, the SEC also recently set free its FinHub as a separate office to assist blockchain and DLT innovators.  

Despite these technology-forward initiatives, the SEC continues placing an exclamation point on its regulatory reach. For example, the SEC last month shook the Ripple world by claiming in a lawsuit Ripple’s XRP token –  used by financial institutions around the globe, was an unregistered security.  It also ended the year by filing a Cease and Desist Order against ShipChain on similar grounds. These sort of efforts convey US regulators still corralling the blockchain stallion – albeit primarily through the Howey door. Disruptive DeFi initiatives should remain undeterred.

More urgent concerns for the DeFi community are coding bugs, double-spend exploits, traditional hacks, and any number of faulty implemented software functions caused when smart contracts fail to undergo adequate audits.  Despite only losing $50 million in 2020, malicious actors will certainly begin seeing a larger target over DeFi’s head as its growth continues.  Moreover, given most DeFi projects run on Ethereum, there are future threats not even widely discussed – such as those potentially arising from miners who map out transactions on a blockchain for a fee and who are no longer satisfied with just receiving their fees.

All of these potential risks – whether regulatory, technological, malicious, or competitive, however, remain dwarfed by the potential upside found in a successful, widely-adopted DeFi application or protocol.  One likely key to success is to replicate what companies such as PayPal chose to do – take a widely used existing tool and deploy into it a profitable new way that allows for flexibility with actual autonomy and consumer self-determination.  DeFi will ultimately go nowhere if it only brings into the fold insiders stuck in Moore’s early adopter phase.  

Moreover, no open-source project can ascend until a large enough market believes the tradeoffs between ease of use, financial benefits, and utility ring strongly in its favor.  For example, despite having a strong web server market position, a Linux desktop will never really threaten Microsoft’s foothold until the relevant commercial and consumer markets believe a Linux desktop truly meets all of their needs. 

Similarly, DeFi will never gain a foothold reaching above the “PayPalJPMVisa” mountain peak until at least one DeFi application checks all the relevant boxes for a sizable enough market.  It may be a decade before a DeFi project reaches that vantage point – with the classic Amazon vs. Sears endgame likely being studied along the way.