UPDATED (Dec. 11, 19:08 UTC): Notes that a nearly a five-hour gap between the time of the tweet and the transaction containing the offensive entry, potentially allowing someone completely unaffiliated with the project to have perpetrated the offensive transaction.
UPDATED (Dec. 12, 15:05 UTC): Includes statement from McDonald’s USA.
One of the problems with the recent phenomenon of food brands getting into NFTs is that food is actually quite different from non-fungible tokens.
If you’re a business that’s really good at nailing the economics of mass-producing hamburger meat, there’s no guarantee you’re going to have the same success peddling tokens on a blockchain.
Take McDonald’s, the fast-food megachain that announced its first collection of NFTs last month in conjunction with the return of the McRib (essentially a soupy version of a pork sandwich). The McRib is available for a limited time each year, typically starting around October or November.
In this year’s press release, the company described its ten McRib NFTs as “digital versions of the fan favorite sandwich” – something to cherish during those long summer months when the physical product isn’t on sale.
The NFT drop was also a sweepstakes; McDonald’s has been reaching out to winners on Twitter in recent weeks.
CoinDesk has found numerous connections between the transaction and the NFT collection, presenting a case study for why major brands would be well served to approach this technology with caution.
In a statement to CoinDesk, a McDonald’s USA spokesperson said the following:
“This is deeply offensive language, and it has no place at McDonald’s or in association with our brand. We do not believe, and have found no evidence to suggest, that this hidden message originated from within the company or one of our partners. But as we continue to investigate, we will take appropriate action and will be carefully evaluating any future NFT programs. This bad actor is using the McDonald’s brand to promote a deplorable message that is wholly inconsistent with our values, which is unacceptable.”
The digital trail appeared to show that McDonald’s official Twitter account is directly linked to the Ethereum blockchain transaction containing the slur.
While it would seem that someone with foreknowledge of the account wrote and posted it prior to the creation of the NFTs, there was a nearly five-hour interval between the time of McDonald’s tweet and that first transaction. It was possible, as we show below, to work one’s way from the tweet to the contract; it’s possible that a troll completely unaffiliated with McDonald’s or the creator of the NFT found the contract and posted the offensive transaction without anyone else being the wiser.
Here’s the chain of events:
On Nov. 1, McDonald’s brand Twitter began promoting its McRib NFT contest with a link to the sweepstakes’ rules:
The first of a total of 11 transactions associated with the address is a deposit of 0.000069 ETH. As a part of a transaction, Ethereum users can choose to add hexadecimal data. This data can be used to send messages, and can even be used to anonymously negotiate standoffs, as in the case of the $600 million Poly Network hack.
The deposit in question includes data which, when decoded, reads “ay yo n***a gibsme sum of dat mcrib.”
The sender’s address, which owns the Ethereum Name Service domain the-boss.eth, shows that they are a prolific NFT flipper and OpenSea user, and has used various decentralized finance protocols across 729 network transactions.
A McDonald’s USA spokesperson said this of the connection:
“Those who are familiar with this space will know that once the address for a crypto wallet (where NFTs are stored) is public – which McDonald’s address was before this incident occurred – anyone can initiate a transfer to that account. Those transfers can include encrypted messages that are extremely difficult to regulate or trace,” the spokesperson wrote.
In addition to the link between the McDonald’s verified Twitter account and the verified Rarible NFT account, CoinDesk found that one recipient of the NFTs associated with the address where the slur was posted, “BTCMike,” had been contacted by McDonald’s to receive the NFT:
Who wants this?
Ultimately, the link between the transaction and the NFTs appears to be conclusive. Regardless of whether the person who created the offensive contract had prior knowledge of the account, such as an employee or contractor for McDonald’s, or was a rogue agent who came upon the contract on their own, it highlights the risks involved with public companies working with blockchain, where almost anyone can post a transaction for all to see. And posts on the blockchain are forever.
Other brands have experienced high-profile flubs with their early forays into NFTs, such as the Time Magazine drop, which was exploited and saw the majority of the nearly 5,000 NFTs go to bots.
Finding this message requires some degree of technical knowledge; McDonald’s may not have the internal expertise to realize that such an event would be permanently associated with the project.
Aside from brands cavalierly wading into the space to sometimes disastrous results, it also remains unclear for whom they’re taking the risks.
Many NFT efforts from major brands have failed to see significant traction. The McRib NFTs, for instance, have never been traded.
“While there is so much excitement and hope for emerging spaces such as crypto, it is tremendously disappointing to see the platform used in this way,” a McDonald’s USA spokesperson wrote.
-Danny Nelson contributed reporting to this story.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.