HUY NGUYEN
30 Sept 2022
NFTs in the metaverse should generally be considered securities, but developers have been slow to recognize that fact. Expect a regulatory reckoning to come swiftly for Axie Infinity, Bored Apes, and other projects that have thrown caution to the wind.
The metaverse is a futuristic iteration of the internet, featuring a digital economy and an immersive virtual environment alongside other interactive features. This relatively nascent space has gained so much traction in recent years that conservative estimates suggest that by 2024, its total valuation could top $800 billion. Meta (the parent body behind Facebook and Instagram), Google, Microsoft, Nvidia, Nike and others have made Fortune-100-sized metaverse splashes.
But with great valuations comes great scrutiny from increasingly tech-savvy financial regulators. Unlike traditional tech products, which often spend years putting growth over revenue, some metaverse projects push questionable monetization schemes on their users prior to launching a live experience. Metaverse real estate is a prime example of this practice, with platforms like Big Time games selling land in their metaverse before opening up access to the game.
Typically, the United States Securities and Exchange Commission doesn’t step in unless retail investors face predatory courting of their dollars without full disclosure of what they are investing in. The line for what classifies as a security is often blurry — but in the case of the metaverse, the practice of land sales should generally be considered a security under U.S. law.
GameFi platforms like Axie Infinity demonstrate the speed at which metaverse projects can birth multi-billion-dollar economies. Their sheer scale necessitates internal controls and monetary policies similar to multinational banks or even small countries. They should be required to staff compliance officers who coordinate with government regulators and even conduct Know Your Customer for large transactions.
The metaverse is intrinsically linked with financialization. While no bodily harm can be inflicted in the metaverse (yet), a lot of financial harm has already been caused. The company behind the Bored Apes Yacht Club nonfungible tokens (NFTs) saw a hack this year after a community manager’s Discord was compromised. Hackers walked away with NFTs worth 200 Ether (ETH).
A swath of Wall Street banks was recently fined $1.8 billion for using “banned” messaging apps. Metaverse projects like Yuga Labs should face similar proactive fines for not implementing secure monetary and technical controls.
Risks associated with operating in the metaverse
Cybercriminals are continually discovering new tactics to exploit users of the metaverse — i.e., through hacking schemes or identity theft. Because AR and VR wearables associated with these ecosystems generate massive volumes of personal data — including biometric info from eye-tracking and body-tracking technology — the metaverse is a tantalizing playground for bad actors.
Outside of financial theft, privacy concerns abound as three-dimensional data sets will reveal increasingly sensitive personal information. The General Data Protection Regulation in Europe and the California Consumer Protection Act are comprehensive pieces of privacy legislation that have forced tech platforms to hire data protection officers and data privacy compliance officers. Metaverse platforms will need to fill similar roles and could face even greater regulatory scrutiny, given the sensitivity of the data they might collect.
Challenges to regulation
Because any network operator, firm or business, on paper, can exist outside of a proposed regulatory framework if they chose to do so — any given country’s efforts at regulation will have limited impact.
This is perfectly illustrated by the fact that many of the social media platforms we use today, including Twitter and Facebook, are not based in the U.S., but instead, operate from countries like Ireland and Singapore, where data protection laws are much more relaxed.
The same logic applies to the metaverse. Even if a country were to pass a law attempting to regulate this space, it is doubtful that all businesses would agree to abide by it.
Therefore, unless every participant of the metaverse aligns and agrees with the vision of setting up a uniform code of governance, there is no way of stopping a third-party entity (such as an offshore investment firm) from creating its own unregulated pocket within the metaverse, which users of other digital ecosystems can then access without any apparent restrictions.