UPDATED (Dec. 11, 19:08 UTC): Notes that a nearly a five-hour gap between the time of the tweet and the transaction containing the offensive entry, potentially allowing someone completely unaffiliated with the project to have perpetrated the offensive transaction.
One of the problems with the recent phenomenon of food brands getting into NFTs is that food is actually quite different from NFTs.
If you’re a business that’s really good at like, nailing the economics of mass-producing hamburger meat, there’s no guarantee you’re going to have the same success peddling tokens on a blockchain.
Take McDonald’s, the fast-food megachain that announced its first collection of NFTs last month in conjunction with the return of the McRib (essentially a soupy version of a pork sandwich). The McRib is available for a limited time each year, typically starting around October or November.
In this year’s press release, the company described its ten McRib NFTs as “digital versions of the fan favorite sandwich” – something to cherish during those long summer months when the physical product isn’t on sale.
i present to u the most important NFT. RT for a chance to win one of ten exclusive #McRibNFT
— McDonald's (@McDonalds) November 1, 2021
The NFT drop was also a sweepstakes; McDonald’s has been reaching out to winners on Twitter in recent weeks.
But on Friday night, a trader with the handle @ok_0S noticed that an early transaction to what appeared to be the Ethereum address associated with the official McRib NFT collection contained a racial slur, inscribed directly on the Ethereum blockchain.
CoinDesk has found numerous connections between the transaction and the NFT collection, presenting a case study for why major brands would be well served to approach this technology with caution. Numerous attempts to reach McDonald’s for comment Friday evening were unsuccessful.
The digital trail appeared to show that McDonald’s official Twitter account is directly linked to the Ethereum blockchain transaction containing the slur.
While it would seem that someone with foreknowledge of the account wrote and posted it prior to the creation of the NFTs, there was a nearly five-hour interval between the time of McDonald’s tweet and that first transaction. It was possible, as we show below, to work one’s way from the tweet to the contract, it’s possible that a troll completely unaffiliated with McDonald’s or the creator of the NFT to have found the contract and posted the offensive transaction without anyone else being the wiser.
Here’s the chain of events:
On Nov. 1, McDonald’s brand Twitter began promoting its McRib NFT contest with a link to the sweepstakes’ rules:
That rules page in turn links to McDonald’s verified Rarible account, which prominently features the 0x2ef743b24a915a5d6c489479865a4e98d191efac Ethereum address. This address is the creator of the McRib NFT contract.
The first of a total of 11 transactions associated with the address is a deposit of 0.000069 ETH. As a part of a transaction, Ethereum users can choose to add hexadecimal data. This data can be used to send messages, and can even be used to anonymously negotiate standoffs, as in the case of the $600 million Poly Network hack.
The deposit in question includes data which, when decoded, reads “ay yo n***a gibsme sum of dat mcrib.”
The sender’s address, which owns the Ethereum Name Service domain the-boss.eth, shows that they are a prolific NFT flipper, OpenSea user, and has used various DeFi protocols across 729 network transactions.
In addition to the link between the McDonalds verified Twitter account and the verified Rarible NFT account, CoinDesk found that one recipient of the NFTs associated with the address where the slur was posted, “BTCMike,” had been contacted by McDonalds to receive the NFT:
— McDonald's (@McDonalds) November 22, 2021
Who wants this?
Ultimately, the link between the transaction and the NFTs appears to be conclusive. Regardless of whether the person who created the offensive contract had prior knowledge of the account, such as an employee or contractor for McDonald’s, or was a rogue agent who came upon the contract on their own, it highlights the risks involved with public companies working with blockchain, where almost anyone can post a transaction for all to see. And posts on the blockchain are forever.
While other brands have experienced high-profile flubs with their early forays into NFTs, such as the Time Magazine drop which was exploited and saw the majority of the nearly 5,000 NFTs go to bots, this may be the biggest embarrassment yet.
Finding this message requires some degree of technical knowledge; McDonalds likely doesn’t have the internal expertise to realize that such an event would be permanently associated with the project.
Aside from brands cavalierly wading into the space to sometimes disastrous results, it also remains unclear who they’re taking the risks for, exactly.
Read more: Who Really Wants Corporate NFTs?
Many NFT efforts from major brands have failed to see significant traction. The McRib NFTs, for instance, have never been traded.
But now the NFT is forever tied to a racist slur. All to promote a limited-time offer.
Source: Coin Desk