blockchain
Page: 2
Almost five years ago, I wrote a column about how Bitcoin and Blockchain might change the music business. At the time, the question seemed more about how than if: An online merchandise store had just started accepting cryptocurrency, several entrepreneurs had founded startups to use blockchain technology to pay rights holders, and entrepreneur and then-Dot Blockchain CEO Benji Rogers predicted that “Blockchain technology is coming like a tsunami.”
I was skeptical. I called Blockchain “a solution looking for a problem” and pointed out that the only person I knew who had bought anything with Bitcoin was a former neighbor in Berlin who had purchased LSD online. At that time, Bitcoin was worth $11,631 and the Dow Jones average was 25,803.
As Bitcoin shot up — to a November 2021 high of more than $56,000 — more artists and music executives became certain that cryptocurrency and Blockchain technology would change everything. Artists sold NFTs — as did Billboard — and in February Coachella sold $1.4 million of NFTs, including 10 lifetime passes to the annual festival.
Now the cryptocurrency exchange FTX is in bankruptcy, Bitcoin is down to $16,099, and the U.S. will almost certainly regulate cryptocurrency “banks” and exchanges. In economic terms, that means cryptocurrency companies might have to compete on an even playing field with traditional finance entities, which would reduce risk for consumers but eliminate some of the advantage that startups get from making their own rules. In non-economic terms, Mom and Dad are home, they’re pissed, and they’re not going to let you run your business unless you can wear your big-boy pants!
So, what about that tsunami? It has been a busy five years for the music industry: recorded music boomed, major financial players invested in publishing catalogs, two of the three major labels went public, Latin music gained a bigger global audience, and TikTok emerged as a transformative source of promotion. Blockchain and Bitcoin barely changed the industry at all, though. A few artists made an insane amount of money on NFTs and a bunch of companies announced plans to fundamentally disrupt disruption itself. But Bitcoin is still an inefficient means of exchange and a poor store of value — at best it’s a high-yield, high-risk investment — and Blockchain is still a solution in search of a problem.
A little more than a year after my column, Benji Rogers, he of the tsunami prediction, left Dot Blockchain, which in September 2019 rebranded as Verifi Media. The company still helps rights holders track ownership and use data, but it doesn’t emphasize Blockchain technology on its website. (Emails to the Verifi publicity contact came back as undeliverable.) That makes sense: The big problem with rights data has always been that it’s incorrect or incomplete. Blockchain is a distributed database that allows users to track changes, but it can’t fix incorrect or missing information.
Five years ago, the startup Choon had a plan to track music use with Blockchain and pay rights holders immediately with a digital currency called Notes. It went out of business in 2019, as Notes fell in value along with Bitcoin. The following year, Choon co-founder Bjorn Niclas launched Rocki amid the pandemic and exchanged outstanding Notes for Rocki tokens at a 50:1 ratio. (The company also lets independent musicians sell NFTs.) Since then, “Rocks” tokens have gone from being worth about 5 cents each, up to an April 2021 high of $5.45 — it peaked when Bitcoin did — and down to about a penny. That sounds exciting, and potentially profitable, but I suspect most artists prefer to get paid in currency that holds its value.
Bitcoin and NFTs aren’t going anywhere — some investors see the “crypto winter” as a buying opportunity, while others just want to HODL. (Art NFTs are performing better than most.) But the collapse of FTX will inspire investors, and hopefully government agencies, to ask more questions about whether celebrities who buy and sell NFTs are being transparent enough about their transactions — especially since the fans they influence may buy into investments in a way that help those who already own them.
Like many online technologies, Blockchain and Bitcoin offered a utopian dream of decentralization, free from government regulation and control. When it comes to finance, however, government regulation isn’t a bug, to use the technology phrase — it’s a feature. Just ask anyone who had money with FTX, which wasn’t insured by the Federal Deposit Insurance Corporation (FDIC) the way U.S. banks are. Among the assets stuck in the exchange are the Coachella Keys that offer holders access to the festival.
Coachella told Billboard that it’s confident it will handle this issue. But it’s hard not to wonder if there wasn’t an easier way to do this — say, passes with QR codes, or maybe even just spots in a database that could be sold with the cooperation of the event promoter. Blockchain is essentially a distributed database that can operate at internet scale, and it’s easy to see how exciting that is. It’s just still hard to see what use the music business might have for it.
One evening in July, panic spread in a small corner of the Web3 music space. Mysteriously, $6.1 million worth of cryptocurrency began moving out of blockchain music service Audius’ company treasury into an unknown wallet. Audius was being hacked.
The hacker discovered a bug that allowed them to take control of the Audius treasury — the crypto equivalent of a shared bank account — and transfer the entire funds to their own crypto address. The bug had lived in the code for two years.
This is shaping up to be the worst-ever year for crypto hacks, according to Chainalysis, with over 125 major hacks surpassing $3 billion in total, and on track to surpass the $3.2 billion in 2021.
Meanwhile, phishing scams continue to drain NFT wallets at an alarming rate. “Everything is unbelievably insecure,” says Sam Williams, founder of blockchain storage platform Arweave and a self-proclaimed “hacker,” though he uses the term as a broad description for coders. “We’re in the hackers’ Wild West of Web3 right now.”
Since the popularity of NFTs and cryptocurrencies like Bitcoin took off in early 2021, things have only gotten worse, creating a honeypot for hackers. “There was a lot of fluff brought in during the hype cycle last year,” Williams says, “and that typically lowers security standards for a period.” Teams scrambled to push products live to capitalize on the stream of new money paying too little attention to security.
For music companies or artists entering the space, the consequence of a hack could be enormous. Audius took a $6 million financial hit but it’s more than just money. Exploits can also damage the trust of music fans and undermine the entire promise of Web3. Warner Music Group considered this dilemma when launching its Stickmen Toys NFT collection earlier this year. “No matter how much time, how many resources, or how good of intentions go into a project, if there is a security breach, it can harm the project and its team’s reputation,” says Jillian Rothman, Warner’s vp of new business & ventures, business development.
The stakes of hacking are higher in Web3 than in today’s internet because customers are at direct risk of losing their money. If there’s a malicious link in a Discord server, dozens of community members could have their NFTs or cryptocurrency stolen from their wallet. If there’s a bug in the code, users could have their funds cryptographically locked with no recourse. The community backlash from these security incidents can be severe and costly that Web3 teams often resort to refunding users out of their own pocket. So, where are the biggest risks and what can music companies do to protect themselves and their artists?
Experts say the main vulnerabilities for the NFT space lie in smart contracts. These are programs written by developers on top of blockchains like Ethereum that hold funds and execute transactions — such as paying out royalties on secondary sales. “Smart contracts are just buggy and can be exploited,” says Nic Carter — partner at Castle Island Ventures, a VC firm with several Web3 music investments. “Things are so new in the crypto space that developers are still learning the best practices for safety.”
One NFT project, for example — Aku, by former MLB player Micah Johnson — got $34 million locked in a smart contract due a small bug in the code. The money was never recovered.
One way to immediately lower the risk is operating with transparency. “It should be damn open source,” says Williams, so that anyone can check and verify the code. “There’s no point trying to hide it. Better you find [bugs] early so you can fix them.” Blockchains like Ethereum are transparent by nature so hackers will find exploits if companies go live with buggy code. Better to test it in the open on so-called test-nets before deploying with real money and high stakes. While building publicly might take away an element of surprise in terms of marketing, it’s a small price to pay for added security. Additionally, smart contracts should be audited by external developers.
Next, there’s the risk of customers getting their wallets hacked. “[Crypto wallets are] probably the No. 1 risk,” for newcomers, says Carter. “A poor wallet setup or a failure of key management — that’s probably been responsible for the greatest loss of funds.” Companies can keep the community safe by highlighting the risks and educating music fans entering the space.
Carter recommends that anyone interacting with crypto use a hardware wallet — a USB device that disconnects from your computer and the internet. And they should limit the funds on a “hot wallet,” such as Metamask, which can be easily compromised through malicious links. “The NFT space is really aggressively targeted by phishing,” he cautions. “I think because it was mainstreamed so quickly… It meant a lot of people didn’t have as much experience in [wallet] management.” He also suggests using two-factor authentication on all crypto-related accounts and advises against clicking unknown links.
The team at Warner put this into practice using a “security” page on their projects’ Discord servers. Users have to read this page before entering. It explains the best practices and warns the community how to spot scams. “In a nascent space, bad actors prey on unsuspecting community members,” says Sebastian Simone, Warner’s vp of audience & strategy. “It will take longer for Web3 to go mainstream if people have negative experiences.”
Importantly, however, the failure of wallets and smart contracts does not imply a failure of the blockchain itself. “It’s extremely rare to have the blockchain itself be hacked,” says Carter. It is the code and applications on top of the blockchains that pose the biggest security threat.
Carter and Williams are both optimistic that these security issues will decline over the coming years through standardized contracts and simpler code, but the young industry is still learning the hard way. With every new exploit, developers are learning where the vulnerabilities are and adopting safer practices for the future.
As Carter puts it, “Safety rules are written in blood.”