I created a crypto token and NFT collection — what I learnt surprised me – MyBroadband

Crypto asset ownership on Ethereum-based blockchains is not what it seems. That was the key lesson from my experience developing a crypto token and NFT smart contract for MyBroadband’s April Fools prank this year.

Sometimes, getting a peek behind the curtain ruins the magic. Other times, seeing how the sausage gets made lets you appreciate it even more. This was definitely the former.

When I first learned to code, discovering how computers interpret instructions to create incredible software — like word processors and games such as Karateka — made them even more magical.

As my understanding grew — moving from an interpreted language like QBASIC, to Pascal, to assembly, to machine code, to learning at university how silicon wafers become processors — my sense of wonder only increased.

My first experience writing smart contracts for the Ethereum Virtual Machine (EVM) was the inverse of this.

Don’t misunderstand — writing software on my computer here in South Africa that can be executed by a globally distributed computer and the results stored in a blockchain is, indeed, magical.¹

It was my illusions about what “ownership” really means in the context of a blockchain like Ethereum that were shattered.

Ownership in the crypto world is a big deal. We nod solemnly to one another and repeat mantras like, “Not your keys, not your crypto.”

Like any other idiom, “Not your keys, not your crypto” is a kind of short-hand. We use it to say that if you don’t control the private cryptographic keys to the wallet that stores your digital assets, you don’t actually own them.

This is in contrast to keeping your cryptocurrency on an exchange or custodial wallet provider. You’ll often hear the saying when such a platform, like FTX, BlockFi, Celsius, or, more recently, ByBit, gets hacked or goes bankrupt.

It’s one of the biggest benefits and greatest pitfalls of crypto. You are your own bank. The web is also full of stories of people who could have been millionaires, had they not deleted or otherwise lost access to their old Bitcoin wallet from 2011.

Ownership is also an issue that comes up in debates about re-imagining how digital systems might be revolutionised so that users actually own their content.

For example, what if, in a video game like World of Warcraft, your extremely powerful, rare, and valuable weapon wasn’t just an entry in a database but an NFT on a blockchain?

Proponents argue that this would allow you to actually own the item and sell it or otherwise benefit from its value outside the game.

In addition to the issue of ownership, it is also important to appreciate that billions of dollars of real value exist on EVM blockchains today as crypto tokens.

One example of this is USDC, a stablecoin backed by the US dollar that began as an ERC-20 token on the Ethereum blockchain.

USDC currently has a market capitalisation of over $60 billion (almost R1.2 trillion) and has expanded to several other blockchains besides Ethereum.

ERC-20 is a standard co-authored by Fabian Vogelsteller and Ethereum co-founder Vitalik Buterin for non-native crypto tokens. Ethereum’s native token is ether, which is also the cryptocurrency you use to pay transaction fees in.

Building an anti-memecoin

As part of MyBroadband’s April Fools prank this year, I created an ERC-20 token called MyBroadbandCoin. (To minimise transaction fees and allow people to participate in the joke, I launched it on BNB Chain, an EVM-compatible blockchain.)

The idea behind MyBroadbandCoin was simple: a memecoin you could mint by the thousands for mere fractions of a cent. But to take the joke a step further, I also wanted to see if the token could somehow self-destruct at midnight on 2 April.

I assumed that it would not be possible to remove the tokens in people’s wallets, but perhaps I could change the token’s name or send some other kind of “April Fools!” message and render them even more useless than they already were.

It turns out the EVM had a self-destruct function that allowed smart contracts to remove themselves from the blockchain. However, this was deprecated in 2022 and no longer works like it used to precisely to prevent what I was doing.

Upon digging further, I learnt ERC-20 tokens are not actually stored in people’s wallets. Your balance is simply a variable stored by the token’s smart contract.

In blockchain terms, unless you can read and verify the smart contract’s code for yourself, there is no inherent guarantee that the token’s smart contract can’t execute transactions on your behalf.

(Click to enlarge): The only thing discouraging me from deleting everyone’s MyBroadbandCoin balances is the cost.

By keeping a list of all the accounts that held MyBroadbandCoin, I could create a function that zeroes their balance by transferring all of their tokens to another address. In this case, I would “burn” the tokens by sending them to the genesis or null address.

Fortunately, it seems that executing a function like this can quickly become expensive, even on a lower-cost platform like BNB Chain.

To erase the holdings of just six wallets, the estimated transaction fee was $5.31 (around R100) — around the price of a KFC Fully Loaded Box Meal. I would rather have the KFC.

Not your keys, not your crypto

You might naturally assume that only you can spend or transfer digital assets from your crypto wallet.

That’s why it was surprising to discover that assets like ERC-20 tokens and NFTs do not enjoy the same fundamental safeguards as native cryptocurrencies like ether and BNB.

Because ERC-20 token balances reside in the token’s smart contract — which can exercise full control over those balances — the real “owner” of these tokens is ultimately whoever controls the contract.

If “not your keys, not your crypto” holds true, then by definition, all non-native tokens on Ethereum-based blockchains aren’t really yours — they belong to the contract’s owner.