Extremist NFTs Across Blockchains

Julia Handle, Louis Jarvers
Wednesday, May 31, 2023, 8:15 AM
NFTs are used to spread extremism. While they are not yet a major ground for extremism, more research should be directed toward understanding the societal impact of Web3 on security.
(xresch, https://pixabay.com/illustrations/blockchain-block-chain-bitcoin-3750157/; Pixabay.)

Published by The Lawfare Institute
in Cooperation With

Extremists make use of the internet just like everybody else does—only with different intentions. From sharing of information on “classic” websites and active recruitment in closed chat rooms to propaganda via social media platforms, the internet has served as an enabler for recruitment and radicalization. While researchers agree that the internet is rarely the sole driver of radicalization, it absolutely acts as a facilitator. When trying to prevent or counter extremists’ use of the internet, organizations frequently face the same issue: They are too late. Often, extremists are faster to move to new platforms, escape efforts at deplatforming, and quickly adapt to the latest developments and trends. 

While tech companies, politics, and civil society continue to discuss how to regulate social networks, a new age of the internet is dawning: the Web3. Characterized as a “decentralized online ecosystem based on the blockchain,” Web3 comprises distributed ledger technologies (and buzzwords) like cryptocurrencies, the metaverse, (non-fungible) tokens (NFTs), and smart contracts. More and more, private firms are rushing to invest in distributed ledger technology, and banks project astronomical values of Web3 in 2030. These developments are raising questions about security and abuse: Cryptocurrencies are already notorious for funding terrorism and extremism—so what happens if NFTs with extremist content are now sold to fund white supremacists? What happens when the virtual reality avatars and metaverse spaces no longer appeal only to game nerds but are used by terrorists as training camps or perimeters to plot attacks? What happens when distributed file systems based on blockchain technology become (even) more prominent storage and exchange facilities to share bomb-making instructions or fascist propaganda? With the technological advancements of Web3, it is critical to examine their application to extremism. To better understand the connection between NFTs and (far-right) extremist content, the authors of this article recently collected 7,500 NFTs and their metadata from 11 blockchains. In this piece, the authors provide a summary of this analysis and discuss the need for more research toward understanding the societal impact of Web3. While NFTs may not yet be a major ground for extremism, it is nonetheless critical that researchers work now to understand security threats on the Web3—the future of the internet—in order to address them moving forward.

Web3 Security Threats

To foresee the potential threats of Web3, we must first understand it. The third generation of the internet, originally called the Web 3.0, exists only with reference to Web 1.0 and Web 2.0. While the first generation regarded users mostly as readers of content on static websites (“read-only”), the Web 2.0 established platforms, such as Facebook, Twitter, or WordPress, where users create content themselves (“read-and-write”). Decentralized platforms in Web 3.0 enables users to read, write, and own the platforms as a shareholder. The decentralization comes with three inherent changes to the technical infrastructure of the internet, namely “individual smart-contract capable blockchains, federated or centralized platforms capable of publishing verifiable states, and an interoperability platform to hyperconnect those state publishers to provide a unified and connected computing platform for Web 3.0 applications.” Blockchains are central building blocks to the Web3 infrastructure as they serve as decentralized data storage facilities that are transparent and fraud resilient. Managed by peer-to-peer computer networks, blockchains usually store relevant information, such as cryptocurrencies, smart contracts, identity information, or property rights (usually in the form of “tokens”). These property rights include so-called NFTs, which serve as unique digital identifiers and often represent ownership over digital objects, like images, videos, or animations. 

At this point it is unclear what importance will be attributed to Web3 in the future: Will its main use be inerasable photos and videos distributed across blockchains, terror financing via NFT trading, or highly immersive radicalization techniques via virtual reality? While that is still playing out, law enforcement and security agencies are facing the immense task of assessing the threat that might evolve from a more decentralized internet. Interpol, Europol, and national law enforcement agencies are developing capabilities to face the dangers of Web3. Threats and crimes on Web3 can be separated into two groups: crimes that are already known and are adapted into the decentralized web, and previously unknown crimes that only the new (technological) characteristics of Web3 enable. Knowing of the abundance of potential threats, we focus on three relevant types of crimes and the impact of Web3 on their execution:

  • Terrorism and Organized Crime: More versatility of cryptocurrencies, such as Monero, Zcash, or Dash, in a Web3 world will boost their current uses as a source of income through donations, drug trafficking, or money laundering. Web3 technology is also expected to enable extremist groups to target their propaganda more precisely to possible recruits. Moreover, new crimes and challenges will arise: Content regulation on existing social media platforms is already tough, and identifying distributors and deleting content on Web3 will become nearly impossible. This makes Web3 a potential safe haven for the distribution of propaganda. As a new threat, Web3 developments foster the integration of virtual reality in social platforms. Metaverses allow for the creation of a virtual world that can serve as an immersive breeding ground for radicalization and recruitment. Not only can a virtual “Caliphate” or white supremacist state be created, reflecting the extremists’ beliefs and rules, but the extremists can also facilitate training in that world, such as recreating certain attacks or inspecting possible targets. The future web also creates potential new revenue streams: Selling extremist NFTs opens a new market for extremist memorabilia, tokenized certificates, or digital “souvenirs” with buyers among both like-minded extremists and curious passers-by.
  • Harmful Content and Child Sexual Abuse Material (CSAM): CSAM will likely spread to NFTs, metaverse spaces, or smart contracts. Here, the problems around attributing and deleting harmful content aggravate once CSAM is minted into an NFT. The new technology also renders certain existing defense strategies of law enforcement useless. Going one step further, immersive metaverse platforms have already been shown to provide the cyber space for sexual harassment. Crimes, such as in the involuntary exposure to psychologically harmful content, become more relevant. “Action moderation,” in addition to content moderation, will drive imperative security questions in Web3. 
  • Money Laundering and Scams: The decentralized web offers new opportunities to disguise one’s own identity, providing a space for a variety of financial crimes including money laundering and all sorts of scams. The trading of NFTs, for example, allows money launderers to enter illegal money into the legitimate economic cycle by creating an NFT, using illegal money, selling the NFT, and then declaring the profit as legitimate money. While an NFT is, in theory, proof of ownership itself, there are also numerous ways to use NFTs as scams—for example, by selling one NFT multiple times on different blockchains. OpenSea has stated itself that a sample trial has exposed that 80 percent of NFTs on its marketplace are illegitimate or plagiarized.

When considering the potential threats of these individual types of crimes, it is necessary to note that Web3 technologies are largely interconnected. Cryptocurrencies are used to buy land in a metaverse; smart contracts regulate entry permissions to a metaverse parcel; and NFTs are displayed and sold in a metaverse space as digital property. The interconnectedness drives big hopes for the success of Web3, while the need to set oneself apart from other technologies drives the rapid development of individual Web3 elements. 

But even if those hopes burst and NFTs, metaverses, and cryptocurrencies remain in a niche, their potential abuse must worry law enforcement agencies. The decentralized structure of NFTs makes them particularly hard to delete, and the easy adoption and handling set a low barrier to distribute pictures, videos, texts, audio, and other formats of extremist content. In combination with other Web3 elements, such as peer-to-peer video platforms (PeerTube or Odysee, for example) or metaverse platforms, NFTs with extremist content can foster radicalization. Alternatively, extremist NFTs can be abused as tokens of loyalty or extremist memorabilia. They also create a new source of income for their minters when they are sold across the internet: one more reason to look closely at how much extremist NFTs are already provided across different blockchains. 

Searching and Finding Extremist NFTs: A Summary

To get a feeling for the current spread of extremism on NFTs, we manually searched NFT marketplaces with far-right keywords, such as “1488,” “Holocaust,” and “Hitler.” The initial results motivated a more systematic search for which we accessed the NFT application programming interface (API) of the Web3 development platform Moralis, which offers access to NFTs and their metadata across 11 blockchains in the Ethereum and Solana systems. We searched the API with 83 far-right code and slang words in English and German, compiled by various databases including the Anti-Defamation Leagues’s Hate Symbols Database.

After filtering the API search to weed out irrelevant results and misleading keywords, 4,445 NFTs remained in the data set, which we divided into seven categories. The categories try to separate those NFTs that are clearly extremist (“made with extremist intention/purpose”) and those that appeal to extremist topics and could be used, for example, as propaganda material from those that show no connection to far-right extremism. Further categories include NFTs that reference extremist topics (World War II, Holocaust, anti-semitism, anti-LGBTQ, racism) but are not extremist, NFTs that are mocking the far-right (extremists), or NFTs that are not clear in their message.

The composition of the entire NFT data set across all chains shows that the majority of NFTs (68 percent) has no connection to far-right extremism despite mentioning relevant keywords. Roughly 2 percent of the available data was categorized as clearly extremist. A larger share of approximately 17 percent was categorized as “appealing to far-right topics.” This category consists of NFTs that could be used by extremists to share their ideology, even if the creator of the NFT did not intend such a purpose. This group contains a mentionable number of Nazi memorabilia as well as historical documents without context. Other categories, such as “unclear” and “no data,” amount to approximately 6 percent. A little less than 5 percent of all NFTs are categorized as “mocking,” meaning they ridicule far-right topics—especially depictions of Adolf Hitler and other Nazi leader

Selected NFTs from categories 1 (extremist), 2 (far-right appeal), and 7 (mocking).

As detailed in the full report and the interactive data analysis, we learned that more specific keywords produce more relevant results. Extremist slang and code is propagated into NFT descriptions and yields more extremist results when searched for those terms. However, extremist code produces clearer results only as long as the keywords remain distinguishable and not context dependent. Context-sensitive extremist codes, such as number combinations, cannot be detected with a keyword-based search method. This produces an unknown share of undetected extremist NFTs. Overall, the analysis remains a spot check since it is not feasible to collect all NFTs across multiple chains—just like NFTs remain unseen if relevant keywords are unknown.

Results and insights of NFT classification by keywords.

Leveraging Research for Web3 Threats

To better understand the connection between NFTs and (far-right) extremist content, we collected 7,500 NFT and their metadata from 11 blockchains. Categorizing the NFTs by their title, description, details, and visual assessment of the downloaded images/GIFs/videos, we conclude that far-right extremist content is spread via NFTs on different blockchains. Looking at the metadata and images of 4,500 pre-selected NFTs, only a small share, 2 percent, of NFTs is clearly extremist. Much more content, 17 percent, with relevant keywords in NFT metadata could be used for extremist purposes but is not extremist per se. 

While this analysis has shown that NFTs are not yet a major ground for extremists to play on, there is clearly potential for NFTs to exploit the decentralized web. Uncertainty about the future and the relevance of Web3 as a mainstream technology confronts law enforcement, researchers, and civil society with a well-known dilemma: While uncertainty impedes research funding as it increases the “option value of waiting,” hesitation likely leads to worse outcomes or late realization. Experiences in the field of extremism illustrate the importance of countering concerning developments as early as possible to prevent harmful content or behavior from spreading into society’s everyday life. 

To address the dilemma and preempt the possible deterioration, we recommend increasing academic research on the exploitation of Web3 in the field of national security studies and/or counterterrorism. Current research is centered on the financial and technical elements of Web3 development (in particular, decentralized finance), but little light is shed on questions of the societal impact of Web3, especially with regard to security. In cooperation with private companies and civil society, it is important to dive deeper into the topic from an academic perspective and provide decision-makers with a reliable data basis to ground their work in. With regard to the results presented here, we suggest broadening the scope of data collection: A larger number of diverse keywords, different languages, and further chains will yield even more insightful results about the current status of extremism on NFTs. 

Ultimately, Web3 research should leverage the transparency of blockchains to quantify pending security questions, reduce the uncertainty of this technological development, and anticipate future needs for law enforcement and intelligence agencies. To fight extremism in new technological fields, open-source intelligence (OSINT) and cybercrime capabilities of law enforcement agencies will require drastic growth. And their adjacent competencies must be brought closer together: The future internet requires a combination of OSINT and cybercrime-oriented data analytics that does not care whether the data comes from “classic” websites (Web1), social media platforms (Web2), or blockchains (Web3). This future of “internet intelligence” (INTINT) seamlessly combines classical OSINT with social media intelligence (SOCMINT) and blockchain intelligence (BLOCKINT). 

The high uncertainty around technological development, such as Web3, burdens swift decision-making and foresightful acting. Anticipatory analytics, as shown here with regard to extremism on NFTs, pave the way for going from the unknown unknowns to the known unknowns. And even if Web3 technologies do not become core challenges for law enforcement agencies in the second half of the 2020s, the call for more and better internet intelligence is fail-safe: Current demands for better internet investigation already exceed current law enforcement capabilities by far. Therefore, better skills and more staff not only serve future challenges but also address current problems in countering security threats on the internet.

Julia Handle works as a public sector consultant with a focus on security and crisis management in Berlin. She has graduated from King’s College London with an MA in Terrorism, Security & Society and has worked in the field of preventing and countering extremism in the national as well as the international context. In her work, she has focused on processes of radicalization in the online and offline world.
Louis Jarvers is a senior consultant for tech and security at “PD” – a public sector consultancy exclusively owned by the German state. Louis holds an MPA from Columbia University and an MPP from Hertie School Berlin, where he specialized on cyber security, intelligence and data analytics. In his works, he focuses on Open Source Intelligence (OSINT) with particular regards to emerging technologies and serves as an external advisor to German law enforcement and security agencies.

Subscribe to Lawfare