A company needs to weigh the risks and rewards when deciding to create NFTs.
UPDATED (Dec. 11, 19:08 UTC): Notes that a nearly a five-hour gap between the time of the tweet and the transaction containing the offensive entry, potentially allowing someone completely unaffiliated with the project to have perpetrated the offensive transaction.
UPDATED (Dec. 12, 15:05 UTC): Includes statement from McDonald’s US
One of the problems with the recent phenomenon of food brands getting into NFTs is that food is actually quite different from NFTs.
If you’re a business that’s really good at nailing the economics of mass-producing hamburger meat, there’s no guarantee you’re going to have the same success peddling tokens on a blockchain.
Take McDonald’s, the fast-food megachain that announced its first collection of NFTs last month in conjunction with the return of the McRib (essentially a soupy version of a pork sandwich). The McRib is available for a limited time each year, typically starting around October or November.
In this year’s press release, the company described its ten McRib NFTs as “digital versions of the fan favorite sandwich” – something to cherish during those long summer months when the physical product isn’t on sale.
The NFT drop was also a sweepstakes; McDonald’s has been reaching out to winners on Twitter in recent weeks.
CoinDesk has found numerous connections between the transaction and the NFT collection, presenting a case study for why major brands would be well served to approach this technology with caution.
In a statement to CoinDesk, a McDonald’s USA spokesperson said an internal investigation found that no employee or representative was involved with the offending transaction, and that the contents of the message are “wholly inconsistent with our values, which is unacceptable.”
“This is deeply offensive language, and it has no place at McDonald’s or in association with our brand. We do not believe, and have found no evidence to suggest, that this hidden message originated from within the company or one of our partners. But as we continue to investigate, we will take appropriate action and will be carefully evaluating any future NFT programs.”
The digital trail appeared to show that McDonald’s official Twitter account is directly linked to the Ethereum blockchain transaction containing the slur.
While it would seem that someone with foreknowledge of the account wrote and posted it prior to the creation of the NFTs, there was a nearly five-hour interval between the time of McDonald’s tweet and that first transaction. It was possible, as we show below, to work one’s way from the tweet to the contract, it’s possible that a troll completely unaffiliated with McDonald’s or the creator of the NFT to have found the contract and posted the offensive transaction without anyone else being the wiser.
Here’s the chain of events:
On Nov. 1, McDonald’s brand Twitter began promoting its McRib NFT contest with a link to the sweepstakes’ rules:
The first of a total of 11 transactions associated with the address is a deposit of 0.000069 ETH. As a part of a transaction, Ethereum users can choose to add hexadecimal data. This data can be used to send messages, and can even be used to anonymously negotiate standoffs, as in the case of the $600 million Poly Network hack.
The deposit in question includes data which, when decoded, reads “ay yo n***a gibsme sum of dat mcrib.”
The sender’s address, which owns the Ethereum Name Service domain the-boss.eth, shows that they are a prolific NFT flipper, OpenSea user, and has used various DeFi protocols across 729 network transactions.
A McDonald’s US spokesperson told CoinDesk that this account is not affiliated with the company, and that this was an act of on-chain vandalism.
“Those who are familiar with this space will know that once the address for a crypto wallet (where NFTs are stored) is public – which McDonald’s address was before this incident occurred – anyone can initiate a transfer to that account. Those transfers can include encrypted messages that are extremely difficult to regulate or trace,” they wrote.
In addition to the link between the McDonalds verified Twitter account and the verified Rarible NFT account, CoinDesk found that one recipient of the NFTs associated with the address where the slur was posted, “BTCMike,” had been contacted by McDonalds to receive the NFT:
Who wants this?
Ultimately, the link between the transaction and the NFTs appears to be conclusive. Regardless of whether the person who created the offensive contract had prior knowledge of the account, such as an employee or contractor for McDonald’s, or was a rogue agent who came upon the contract on their own, it highlights the risks involved with public companies working with blockchain, where almost anyone can post a transaction for all to see. And posts on the blockchain are forever.
Other brands have experienced high-profile flubs with their early forays into NFTs, such as the Time Magazine drop which was exploited and saw the majority of the nearly 5,000 NFTs go to bots.
Finding this message requires some degree of technical knowledge; McDonald’s likely doesn’t have the internal expertise to realize that such an event would be permanently associated with the project.
Aside from brands cavalierly wading into the space to sometimes disastrous results, it also remains unclear who they’re taking the risks for, exactly.
Many NFT efforts from major brands have failed to see significant traction. The McRib NFTs, for instance, have never been traded.