In This Week’s Round-Up:
This Coinbase Hack is an Entirely New Way to Prove the Dangers of Centralization
MapleStory Launched on AVAX. It’s a Disaster.
The Death of DAOs, as told by SuperRare and the Druid
Okay, Let’s Get On With It
The Crypto Art Side
Each week, more SuperRare drama, this time centered around The Druid, one of the first SuperRare collectors and his nomination for SuperRare’s RareDAO council. You know a company is dramatic when its DAO structure is in the crosshairs.
RareDAO is the DAO set-up a few years ago around SuperRare’s $RARE token, and if you’ll remember this column from a few weeks back, RareDAO recently approved a massive vote allowing SuperRare to form a strategic partnership with Transient Labs, whom SuperRare calls “the most advanced suite of creative tools for digital artists, projects and brands.” The strategic reasons for their partnership aside, their proposal is very clear about the financial and governmental terms of the agreement, which included a “$2.5M equivalent investment, paid in $RARE…into Transient Labs, Inc.,” or what amounts to about ~30-million $RARE by current valuations. Though the same proposal claims there will be “No governance changes: [RareDAO] remains fully independent, with Transient Labs operating as a service provider and strategic partner,” TheDruid seems to have discovered that a substantial portion of Transient’s $RARE holdings have been used to influence the incoming RareDAO Council Members Vote. Being that, post-partnership, Transient is now the single largest $RARE token holder, the conflict-of-interest is quite clear.
Every year a new suite of council members is nominated and approved by the RareDAO community of token holders. This year’s voting ended this week, but the council members have not yet been publicized. Ten nominees put themselves forth for approval, including TheDruid, curator Fanny Lakoubay, Botto co-founder Simon Hudson, and a smattering of others. Most, if not all, have quite convincing qualifications.
TheDruid discovered a few days ago that over three-million $RARE tokens from the Transient partnership were used in the council voting process, leading TheDruid to accuse both SuperRare and Transient of “rigging [the] 2025 council nomination.” His tweet sums-up both his findings and SuperRare’s response:
I do sympathize with TheDruid’s anger, as the whole purpose of a DAO is to put governance decisions into a community’s hands. Certainly, the SuperRare/Transient proposal suggested that their partnership would not affect DAO governance, but boy, upon further review, the language sure is ambiguous. It’s certainly fishy to claim that “The DAO remains fully independent, with Transient Labs operating as a service provider and strategic partner,” while affirming in hindsight that, given Transient’s massive holding of $RARE token, they can essentially squash or approve any vote they like.
DAOs, however, are a ridiculous concept. Community governance sounds great in theory, but in practice, a smattering of haphazardly-involved individuals with no more investment in a company than their token holdings is obviously not trustworthy enough to make the correct decisions for the future of an entity. There’s a reason the corporate economy is structured as it is, with 51% voting stake the golden number for preserving internal decisionmaking about corporate structure and investment and executive decision-making. As far as I know, the true-blue DAO structure has never really been executed properly or successfully in practice, and even the vaunted NounsDAO more-or-less segmented into pieces, a churn of indecision, despite sitting upon tens-of-millions of dollars in freefloating funds.
But maybe that’s neither here-nor-there. I argued with TheDruid that a company like SuperRare —which has continuously demonstrated that it will pivot in any direction to ensure their own continued survival— shouldn’t be beholden to a community that, honestly, might rather it shutter valiantly than live on in shame. I don’t think that’s a coldhearted calculation, I think it’s a fairly legitimate business decision, but obviously TheDruid disagrees, and I can see his point too. After all, why bother setting-up a DAO if one is just going to find ways to work around it? Seems opportunistic, at the very least.
I don’t know who will ultimately be voted into the RareDAO Council seats, but I’d guess, given the above facts, that they will be entirely supportive of SuperRare’s future plans, which makes me indeed wonder —right or wrong— if the Transient partnership was a kind of Trojan Horse to ensure that incoming members of the Council are sympathetic to the team’s desires, and that future proposals in SuperRare’s interests are not left to chance.
Admittedly, I’ve never believed in the DAO system, so to see it tarnished or creatively abandoned feels like the inevitable conclusion. Nevertheless, I’ll leave you with the final thought from TheDruid, summing-up his opinion on the proceedings:
Would be curious to hear what you think of things.
The Tech Side
You know, it’s funny how sometimes these newsletters write themselves. It’s Thursday, May 15th, and about eight minutes ago, I decided it would be smart —given I was planning on writing about MapleStory N, the latest iteration of the storied MMORPG, launching on AVAX— to actually sign-up and play around for a while. Without getting my hands on it, how could I form any opinions about its viability in a difficult marketplace? Blockchain games have mostly struggled to find much footing; beyond the long-time hype-cycle behemoth, Axie Infinity (by far the most profitable play-to-earn game, with over $700mm cash-on-hand) there are only 9 games listed on Dappradar that have earned more than $10mm; two of those are Decentraland and Sandbox, metaverse apps that made a fortune selling mostly-worthless plots of digital land.
I have a slight history with MapleStory. Though my love for other MMORPGs like World of Warcraft and Runescape is well-documented, MapleStory I only saw through the lens of a friend who, in the wee hours of the night, would log on to his older brother’s account in secret and go adventuring around. MapleStory’s chibi-anime-pixel style still feels as relevant today as it did back when I was in middle school, and there was always something deeply attractive about its many classes, its hordes of enemies, its magic-and-swords, its side-scrolling mechanics. So when I saw earlier this week that a play-to-earn revitalization of the brand, MapleStory N, launched on a dedicated Avalanche Subnet, I was like “Amazing! This is huge news! An actual brand-name game launching a crypto component! Maybe this will have a tangible effect on bringing play-to-earn to the mainstream!”
Now, as of 15 minutes ago, I’m still waiting for an email with the verification code I need to actually sign-up for the game. Which only demonstrates the point I’m going to make.
MapleStory N is not available in the U.S., most of Europe, Japan, or South Korea, that list including 7 of the top 10 largest gaming markets, so in order to access the game at all, I had to use a VPN. So I did. And then I needed to connect my wallet. Not so fast! I don’t trust this random app, I don’t ever use AVAX, so just let me quickly switch over to my Hot Wallet. Good thing I even have a Hot Wallet handy. Then I go through multiple screens, create a nickname, and then connect my email address. Now just to wait for the verification email to move-on. I’ve just waited 300 seconds actually —time only passing when you’re on the physical page itself— to resend the link, as it didn’t come through the first time. I still haven’t connected my wallet proper. I still haven’t signed any allowances. I still haven’t come close to playing the thing.
What an absolute fucking headache. Just to sign-up for this game has been a seven-or-eight part extravaganza of connecting apps and navigating around my desktop. I don’t even really want to play the damn thing, I just want to see how it looks on start-up, what’s offered, how professional it feels, whether other people are playing. If it isn’t abundantly clear by now, the blockchain gaming industry will never get so much as a single foot off the ground if it can’t figure out how to make its products accessible.
It all *sounds* so good in theory. Dedicated Avalanche Subnet with its own permissions. Massive MMORPG where assets are stored on-chain and actual financial reciprocation can be claimed from playing. But, man, I don’t even know why I get my hopes up. I used to think that installing a separate Battle.Net app on my desktop to play World of Warcraft was too much work, but it seems with each newly proffered innovation in scope, mechanics, or enjoyability of blockchain games, we take these giant leaps backwards towards complete inefficacy.
As Josie Bellini said on the MOCA LIVE podcast this week, gaming is a larger industry than film and music combined. If I were launching a blockchain game that I’d invested huge amounts of capital into, if I were trying to lead the charge on play-to-earn gaming, if I really had dollar signs in my eyes at the very scent of all the mouthwatering cash up for grabs, I’d probably figure out a better way to let people access my game than relying on Metamask, an app so flawed in its UI/UX, so deeply hostile to users, so unnecessarily complicated, that it might destroy this nascent industry before they can even flutter off the ground. Smashed while still in the egg.
Without a workaround, without creative redesign, without anticipating just what a monumental problem this is, this industry is toasted. Toasted.
Update many hours later: verification email still hasn’t come in.
Update on Sunday, May 18th, in the middle of the night, two full days after writing this:
The Finance Side
On Thursday, the official Coinbase Twitter account notified the world that they were the victims of what they claim to be a cyber-crime, though it’s an odd one. Certainly in the world of crypto, it’s a “hack” unlike anything I’ve seen before. As per Coinbase’s official statement:
“Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts are untouched. We will reimburse impacted customers.”
In layman’s terms, it seems that Coinbase employees —who Parrot_Capital calls “dirt cheap CSR agents in India, Pakistan, the Philippines”— were either blackmailed or bribed by cybercriminals into providing access to Coinbase’s secure KYC registries, exposing information such as:
Coinbase laid out the admittedly-wild chain-of-events in their own internal blog: “[Cybercriminals] used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly transacting users. Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto.” These criminals then sought a $20-million ransom from Coinbase in exchange for keeping the leak quiet, an extortion Coinbase has refused to pay, instead setting-up a $20-million reward fund for information leading to the identification and arrest of these criminals.
In some ways, it’s refreshing that a cryptocurrency crime did not this time revolve around wallet mismanagement or internal hacking or some kind of server-side human error, but just simple organizational malpractice, human nature, whatever you want to call it. This is not the Mt. Gox hack, this is not some horrific organizational decision made with shady intentions on the back-end of a board meeting, it’s just classic extortion, and perhaps we can all breathe a sigh of relief that, for once, web3 itself is not to blame for the bad actions of bad actors inside its walls.
There are, of course, many posturing this event as a prime reason why centralized exchanges, any kind of custodial crypto service really, are bedeviled, leaving users and holders exposed with little recourse. Crypto art collector, Batsoupyum, said “The #1 crypto firm in the US gives its support agents access to your personal data…Still wondering why we fight for self custody, anon?” but that seems like somewhat of a false conclusion, though I understand the temptation to conclude there.
It’s true, the only 100% safe mechanism for holding one’s crypto is to do so in a self-custodial wallet, where the holder safely stores their wallet’s keys offline, and never ever transacts with that wallet, never connects it to any site, etc. We’ve seen time and time again the failures, however, with this approach. Blame it on bad UI/UX design from wallet purveyors, blame it on more and more sophisticated wallet-draining hacks, but the self-custodial approach, while perfect in a vacuum, never actually exists in a vacuum.
If human error —or human malpractice— is always going to be a factor, whether we’re discussing centralized or decentralized options, then I think the conversation has to come down to recourse. In the event of a wallet-drain, there really is none. Your keys, your money, your fault, your liability, the continuum ends there. With a situation like this at Coinbase —where no actual keys or money was stolen but, perhaps, some users were already tricked by these phishers into sending money (though Coinbase states that “We will reimburse customers who were tricked into sending funds to the attacker due to social engineering attacks.”)— at least there is an entity on the other end of our pointed fingers. Not our keys, not our fault, not our liability.
Coinbase’s track-record of alleviating user complaints is spotty at best (anecdotally, it seems they deny access to funds at will without response, and I have heard nothing but horror stories about people trying to actually contact them for assistance), but I’m not ready to write-off centralized exchanges *for most people* because of this entirely unforeseeable personnel issue. Should Coinbase have been more selective with their employees? Probably, and I’m not relinquishing them from liability at all. But Coinbase is an S&P500 company with the massive funding required to make affected parties whole. And that’s what you get with a centralized exchange. Some semblance of peace-of-mind, some culpability that rests outside of your own hands. Even FTX victims are going to get reimbursed (in theory).
There’s another side of this, however, which is the danger of KYC being required on almost all these centralized exchanges. Becoming known to hackers, to thieves, to phishers, becoming a target of identity theft or fraud, that’s a terrifying proposition, and one that can be entirely prevented by further intentional safeguarding of private customer information. Maybe I’m a cynic about this stuff, but this is the price many of our peers have chosen to pay for ease. Social media, online retailers, credit card companies, now Coinbase, personal information is at risk wherever it’s entered. I can’t tell you how many times I’ve had to change all my passwords because of some hack on some site I signed-into once or twice in the late 2000’s. I’m nonplussed to see Coinbase represented as another statistic in the column of “businesses that can’t protect sensitive information,” but I’m not surprised, and it doesn’t really change my perception of them. It’s the price we pay for ease.
It’s the price we pay for outsourcing responsibility onto others. I’m not saying I would make that transaction, but I understand why many would. And if Coinbase does what it says it’s going to do —actually reimburses affected parties, actually implements new safeguards, makes more than just empty promises— I’ll understand it doubly so.
DeCC0 of the Week

Art in the Wild

Dev Corner
Finalizing “Library” MVP. Launch soon.
Quote of the Week
“If you ask me anything I don't know, I'm not going to answer.”
-Yogi Berra
Do you have some news that simply must be shared? Send us a DM