Welcome to the Block & Mortar newsletter! Every week, I bring you the top stories and my analysis on where business meets web3: blockchain, cryptocurrencies, NFTs, and metaverse. Brought to you by Q McCallum.

Reading online? Subscribe to get this in your inbox whenever it's published.


#39 - A metaverse Lunar New Year celebration, poison addresses, and getting loopy

McDonald’s shifts from tiger to rabbit

Wishing a happy, festive Lunar New Year to all who celebrate!

McDonald’s has unveiled plans for a high-tech series of events, in partnership with artist Karen X Cheng, to ring in the year of the rabbit:

The 30-second ad spot is inspired by Cheng’s childhood memories of the holiday and features a QR code call-to-action that leads to other campaign elements. […]

Along with the ad, McDonald’s is returning to the metaverse to celebrate Lunar New Year, as it did last year in what it billed as its first cross-media collaboration. This year’s activation imagines the future of the holiday, with 3D sculptures of the 12 Chinese zodiac animals. The brand will also host special events in the digital space, including a Year of the Rabbit celebration on Jan. 25 and an evening with Cheng — in avatar form — on Feb. 2.

(You can review the press release for details and visit the official website – www.McDLunarNewYear.com – to participate.)

AI, AR, and metaverse? In a single effort? It would be easy to write this off as Big Company Tries To Look Cool By Randomly Shoehorning Tech Into A Project – I’ve seen plenty of that in my career – but I don’t think that’s what’s happening here. This feels more like Cheng and McDonald’s started with the goal to do something fun and engaging … and then sorted out the technology to drive these digital experiences.

So are they using the new and shiny? Sure. Is this pushing the envelope on what these tools can do? Maybe. Does it sound like someone’s stuffing their résumé? Not at all.

What also stands out is that the tech makes few demands of participants. Watch a video, scan a QR code, visit Instagram. All of this is within the capabilities of a typical computer or smartphone; no VR headset required. (I’m a little surprised they didn’t add more of a gaming element, but I imagine that would have complicated things.)

I also checked out their choice of metaverse property. Given how the big names have been carving out their roles, I expected McDonald’s would run their events in The Sandbox or Roblox. (These have been popular with brands.) Instead, the Golden Arches setup shop in Spatial. This one is new to me but it has hosted Vogue, Hilfiger, and Hublot, among other recognizable names.

Spatial strikes me as refreshingly down-to-earth for a company in the hot, buzzword-laden web3 space. Consider this note on their blog:

So How Should You Get Started in Metaverse Real Estate?

The short answer is…don’t. Metaverse land is a hugely speculative investment currently that in most cases will certainly go to zero. Instead, you can claim your space in the metaverse via Spatial for FREE, and you can buy gorgeous virtual environments designed by some of the world’s leading artists to help provide your space with utility and attract others to visit.

Definitely not the sort of metaverse property sales that will clog the Ethereum network. But I digress…

Similar to Starbucks Odyssey, the McDonald’s 2023 Lunar New Year celebration will be a large-scale, real-world road test for all of the technologies they employ. Other brands will closely follow, making note of what works and what creaks under the strain.

All of that leads me to ask: what will be their next web3 project? And what will be the next large brand to build something in this space? Time will tell.

Scam O’Clock™: Address poisoning edition

It’s been a couple of months, but Scam O’Clock™ is back!

Deep down, all crypto scams are based on three key aspects of blockchain transactions:

  1. Tokens only move in one direction. You can send tokens to someone, but you can’t take them back.
  2. You technically don’t send tokens to a person, but to a wallet address. This long string of random-looking letters and numbers is a unique identifier.
  3. You can send tokens to any wallet address. Your friend, a complete stranger, and even a nonexistent – well, non-claimed – address are equally valid destinations.

(In that last case the tokens are considered “bricked,” because they’re no longer accessible by anyone. For those who have cranked out a fair amount of C code, it’s just like writing data to the wrong memory address. But more expensive.)

Since thieves can’t take money out of your wallet, they need to trick you into sending tokens to theirs. They’ve devised tricks as varied as targeted phishing attacks, impersonating Twitter accounts, hacking shared minting services, infiltrating projects’ social media accounts, rug pulls, luring people in with free NFTs, and plain old malware.

And this was just within the last year.

Last week, I learned about a new(-to-me) attack called address poisoning. It relies on you mistakenly sending tokens to a lookalike address.

People generally know to copy/paste an address into the destination field, to avoid typos. Good. But since addresses are long strings, they may just check the first and last few characters before they copy. What are the chances that a person will interact with two addresses that differ by just a couple of characters?

Unlikely, but not impossible. Scammers can use services to generate wallet addresses that look like yours. They then post a small amount to your wallet, so this new address appears in your recent transaction history. Their hope? That you’ll accidentally copy/paste that poisoned, lookalike address from your history into your next transaction. And then they receive the tokens.

You get bitten because “this looks about right” isn’t the same as “this is right.”

As with most scams, the thieves don’t need to fool you over the long term. They just need to fool you long enough to send the tokens to their wallet … aaaand it’s gone.

(Credit where it’s due: I originally found this on French business news site BFMTV. The Metamask help pages offer an English-language explanation of how address poisoning works.)

Building an experience

The digital space takes experiential marketing up a notch. Instead of “please chat with our marketing team between DJ sets” or “hang out with your friends and hopefully you’ll notice our brand’s logo in the corner,” a virtual event lets you more clearly define the interactions. Specifically, you can run the event as a game.

Don’t let that term fool you. Try to see this as a structured, engaging experience that taps into people’s competitive nature and desire for reward. Gamified services like Duolingo, Habitica, and FitBit have proven effective in helping people learn new skills and develop good habits.

In web3, Chipotle has challenged its fans with a burrito-rolling simulator and NGO Whole Earth Foundation got citizens to track the status of manhole covers in Japan. More recently, clothier H&M has launched a metaverse experience on Roblox called Loooptopia.

“Users can collect items like raw materials to create thousands upon thousands of clothing combinations,” [H&M Head of Customer Activation and Marketing Linda] Li added. “They can show them off on catwalks and mix and match styles in order to create new outfits. They can trade styles with their friends. When it comes to sustainability, not only can they trade with their friends and be able to then win a prize, there’s also a recycling option, which is at the heart of Utopia City. It rewards our players. They recycle their outfits, then collect more rare items and prizes and rewards in order to further their experience in the game.”

If you think that a game is a foolish pursuit in the business world, consider: billboards and video clips will only get you so far. They’re one-sided affairs. “Please look at me and retain the information that I share.” A game should prove far more engaging by comparison.

Try to see it as a small-scale loyalty program with limited scope. It turns spectators into participants who express their interest in your brand based on how they interact with the game. Why spray-and-pray thousands of e-mail addresses when your true fans will self-identify?

This setup also gives you a chance to demonstrate your company’s values. The key is Gaming 101: reward the desired behavior. H&M wants to promote sustainability in fashion, so they issue prizes to players who follow sustainable practices in-game.

It’s the old “show, don’t tell.”

The wrap-up

This was an issue of Block & Mortar.

Who’s behind Block & Mortar? I'm Q McCallum. I've spent the past two decades in the emerging-tech space. And I'm very interested in web3 use cases.

Credit where it's due. Big thanks to Shane Glynn for reviewing early drafts. Any mistakes that remain are mine.

Reading this online? Or as a forward? Why not sign up? Get Block & Mortar news in your inbox, whenever it's published.

Privacy statement: I don’t share/rent/sell your personal info. Seriously.