At the Blockchain Innovation Conference in Amsterdam back in 2019, my good friend Vincent Everts asked me to give a closing keynote (here it is on YouTube) about artificial intelligence (AI) and the blockchain. I made fun of some of the more outlandish claims about the intersection of the technologies and then went on to make the firm prediction that there would be specific business opportunities in having AI write smart contracts because people are not very good at writing smart contracts. While it went down very well with the audience in the room, the comments on YouTube were (to say the least) less supportive of my vision. They included:
- This speaker says nothing for 32 minutes;
- A complete waste of time;
- He has no clue what he is talking about cringe; and
- This presentation gave me a headache.
Oh dear. In my defence, I must point out that it was a Friday afternoon and everyone was tired so I was probably a bit too grumpy and a bit too mean in some of my comments, but the conference delegates seemed to enjoy the session and understand the spirit of what I was saying.
(I apologise unreservedly, by the way, for calling one of the questions that I was asked “stupid”. The question was not stupid, but I was stupid for not taking a moment to think about the questioner and why the question was asked.)
But was I wrong? Of course I wasn’t. The entertaining cavalcade of errors and exploits around smart contracts shows no sign of abating. Just the top 10 major cryptocurrency exploits garnered over $2 billion for malicious actors in a year that was marred by bankruptcies and collapses. I could pick from thousands of examples to illustrate this point, but I will use just one because it happened to be in one of my browser windows earlier today: a smart contract exploit on the Hedera Mainnet led to the theft of liquidity pool tokens on decentralized exchanges (DEXs) that used code ported from Uniswap v2 on Ethereum over to the Hedera Token Service.
(I stress that I am not singling Hedera out for criticism. This sort of thing goes on all the time across all chains.)
Anyway, I was thinking back to that Blockchain Innovation Conference talk because I read that Conor Grogan at Coinbase used ChatGPT-4 to examine a live Ethereum contract and it highlighted “multiple security vulnerabilities and surface areas where the smart contract could be exploited”. Now, whether the bot actually found these flaws on its own or picked them up from somewhere out on the web, the experiment shows that the capabilities of the Large Language Models (LLMs) are pretty significant when it comes to helping humans to write smart contracts that might actually work as intended.
Indeed, by the beginning of this year Cointelegraph was listing smart contract development as the no.1 way for blockchain people to use ChatGPT to improve their work, noting that it can be used to generate smart contract code and generate natural language explanations of a contract’s logic and functionality. Tools such as ContractReader.io have come along to help developers to read and understand smart contracts and the continuing development of more general AI software-writing tools is accelerating.
(There is absolutely no doubt that AIs will be writing most code relatively soon, boosting the productivity of human developers five or ten times in the near term.)
Something Must Be Done
When I first started working in fintech, many years ago, I remember the basic problem statement: services too expensive, too slow and too opaque. Well, here we are in 2030 and according to the management consultants Bain, web3 (the umbrella term for the collection of protocols, smart contracts and tokens that can be used to create decentralised financial services, or “DeFi”) has started to spread into mainstream banking and while current initiatives have yet to reach true scale, early adopters hope to harness that collection of fundamentally new tools to make banking services cheaper, faster and more transparent.
We are almost there and this is why AI support is crucial. If DeFi is going to become part of the mainstream fintech toolbox (as I am convinced it will) then it has to deal with the problem of errors in smart contracts. After all, in DeFi, agreements are enforced by code. Nicholas Weaver, writing in the Yale Law School’s digital whitepaper on “The Death of Cryptocurrency”, asks the fundamental question about such code: “If a smart contract is a contract, and the terms allow an attacker to take the cryptocurrency, is it actually theft?”
This is not a hypothetical question, by the way, since smart contract exploits happen with depressing regularity.
A California federal judge has ruled that South Korean crypto project ICON (ICX, a blockchain-powered network that supports smart contracts and was historically considered South Korea’s answer to Ethereum) may have acted improperly when it instructed exchanges to freeze tokens minted by a crypto “hacker”. The word hacker is in quotes here, because as Mr. Weaver’s question highlights, it is a matter of some dispute as to what constitutes a hack when it comes to smart contracts. In this case, the alleged hacker, Mark Shin, countered that he had never hacked any part of ICON’s system, but he had [simply used the code as it had been programmed]. Mr. Shin’s lawyer is quoted as saying that “if the blockchain says you have certain tokens, and you didn’t take those tokens from another individual, the rules of blockchains are that that property belongs to you”.
(In other words, code is law and this has nothing to do with “hacking” and everything to do with, as my friend David Gerard would phrase it, redistributing value to cryptographically more deserving causes.)