Updates

Mar 15, 2022

Bad Bot, Bad Bot, Watcha Gonna Do?

Jack Burt
Jack Burt

Writer

Whether it be soul-crushing customer service bots, or complex, algorithmic trading bots . . .

Bots are nothing radically new, nor are they inherently bad. Bots are just software. Specifically, software that automates an otherwise human (manual) task across the internet.

We’re positive on automation as a technological path. Automation at its best enables efficient markets. Throughout crypto, protocol level and independently operated bots are being used to enable efficient markets. Flashbots, KeeperDAO, CowSwap and others are working alongside users to dampen negative outcomes of MEV (Miner Extracted Value) within blockchains. Oracles like ChainLink also enable more accurate aggregated pricing for assets, which allows more efficient bot-driven arbitrage across markets. On the simpler side, there are benign bots designed to notify users about upcoming mints, notable NFT sales, and more (part of our domain here at Flip).

However, not all bots are altruistic. There are indeed myriad 'bad' bots that create a sink on users' time and money. In DeFi, the infamous “sandwich attack” comes to mind, where the bot takes advantage of block ordering to give the trader the worst possible (but tolerated) slippage.

‘Bad’ bots are becoming more prevalent within the NFT space as well, a relatively fresh market with an abundance of manual processes begging to be optimized or exploited.

Some of you already know what we’re leading toward — there’s a surreal dread that comes with losing out on a hotly anticipated mint, or a close auction, to a bot. It hits you in the solar plexus, reminds you that you're carbon-based and that you just got duped by an inanimate software program.

Those are the type of bots we’ll be covering in this article, the ‘bad’ bots of the NFT space, as well as a discussion of potential remedies to them.

Bad Bots & NFTs

You’ve got your Scalpers:

Scalper bots are best known for being used in the rare sneaker market where they rapidly buy out a limited supply of Air Jordans and then relist those sneakers (at a premium) on a secondary marketplace.

Now, those scalper bots are finding a new digital niche within NFTs.

For example, one notable scalper bot controversy occurred with the Time Magazine NFT launch in September 2021. Scalper bots essentially bought up the Time collection in a matter of minutes. Even though each person was restricted to buying 10 Time NFTs at the most, the scalper bots found a way around the restrictions and scooped up many of them. Within a few hours, the lion’s share of the Time NFTs (known as TIMEPieces) were relisted on the secondary market at 30x above the minting price; the 'fair’ mint had failed.

Truthfully, we don’t care how fast your trigger finger is, you’re going to have a hard time minting faster than a scalper bot. In the Time case though, it wasn't just the speed of the bots that allowed them to soak up the mint but also their ability to create a bottleneck in the Ethereum network. That’s because the bots were willing to pay absurdly high gas fees to jump the line. Even if people were able to beat them to the mint button, the bots had managed to price many folks out of the market with expensive gas. Of course, you could try your luck and duke it out with the scalper bots in a gas war, but then you risk ending up like that one guy who spent $3000 for 10 of the Time NFTs but paid over $60,000 in gas.

Then there’s the Snipers:

Sniper bots are fairly straightforward; sniper bots live on secondary marketplaces like OpenSea, or notoriously Larva Labs of late, and will go head to head with you while bidding on a particular NFT.

In an auction format, they excel by waiting until the last observable nanosecond on the auction, then proceed to bid nominally higher than you, and thus win the auction that you were almost sure you had in the bag.

It's worth noting, snipers are especially difficult to avoid when it comes to blue chip NFT collections. There’s one sniper bot who’s racked up 467 CryptoPunk snipes, many of which have been later sold at a loss, making this one of the most aggravating and seemingly pointless sniper bots around. Nonetheless, it’s a good reminder that just because bots are efficient at one task, does not mean they are always more profitable than their human counterparts.

Spoofers, or something else?

Spoofing, or artificially moving markets by placing fake bids, is illegal in traditional finance, but it is not legally monitored in crypto or NFT markets.

Many in the NFT space blame price movements of NFTs on “spoofing”. The reality is a bit more nuanced in our opinion.

On the buy side, there are definitely wash trading bots used on the secondary market (OpenSea or wherever else people are buying NFTs). Spoof bidding (which they don’t intend to have filled), intentional wash trading, and other tactics to fake collection activity. At the same time they use multiple wallets, artificially making it look like there is more demand and interest and collection than there really is.

On the sell side, many people blame spoof bots for deploying a sweeping mass of low bids on a collection – a sort of pray and spray bid – where they’re hoping that one or two people will accept their low offer. They then arbitrage these back by selling closer to the actual floor price. Meanwhile, the bots often don’t have enough funds to back up the entirety of their bids across the collection they’re offering on. If enough of these bids are accepted well below the floor price, the available WETH (wrapped ETH used for making offers on OpenSea) will be used up, and further attempts by users to accept those offers will be rejected. This bot-driven activity is often mischaracterized as spoofing.

Well, what can be done about NFT bots?

Anti-bot Software

A broad solution is for NFT projects to attempt anti-bot mitigation during the mint process . There are a few simple methods to reduce repeat mints from a single source:

  • Stopping the reuse of signatures and thus limiting the amount of NFTs that one address could mint.
  • Deter bots by giving them a captcha-like test which slows down and humanizes the minting process.
  • Detect repeat mints from the same IP address.
  • Require per-mint authentication via Twitter or Discord.

This isn’t an exhaustive list of what has been tried, but these are some pretty straightforward steps that can help.

Whitelists

Another way to circumnavigate bots in the NFT space, which already is being used widely, is by adding a whitelist to your minting process.

A whitelist acts like an appointment/VIP list for folks interested in minting a certain NFT project.

Besides sometimes getting a discounted price, adding a whitelist (partially) solves the problem of people missing out on a mint. Instead of rushing for the gates with hundreds or thousands of other people (bots included), a whitelist spot allows you to schedule a time in advance to mint your NFT, ensuring that you get your spot in line but also ensuring that you (hopefully) don’t pay bank-breaking gas fees.

Getting on a whitelist, though, can be tricky. Like trying to get a bid into a college fraternity, different whitelists require different things to get on, and frankly, it often gets political. Some folks are given whitelist spots just for being influential. Others are given whitelist spots for being insanely active in a community (i.e., answering questions in the discord, or by inviting new people to the group.)

As you can imagine, there are problems with whitelists. For one thing, whitelists tend to favor people with more influence, but also, whitelists generally only allow a small number of people to guarantee a mint. This then pushes people to extreme lengths to get whitelist spots. For instance, some degens have offered to pay someone else to remain active in a discord group (called a ‘whitelist grinder’, e.g., tasked with 300 messages a day for 2 weeks) just so they can guarantee a whitelist spot. Plus, we can’t forget, whitelists with simpler requirements can sometimes be infiltrated by bots as well (inviting a whole bunch of fake people to a discord group.)

Regulation

Last but not least, we could get some resolution with bots by having more government regulation in the NFT space.

Obviously regulation is a touchy subject in crypto. Some degens might prefer the every-man-for-himself environment where regulation is not necessary. One Redditor espoused this view by saying, “When you are up against the GPT-3, AI, bots, and GANs, there is no winning without curation and/or creator verification. [But] I value my pseudonymity, so I eschew the verification process.”

On the other end, you’ve got people who’ve been burned by bots and who are eager for authorities to chime in. In which case, they might want their government to propose anti-botting acts to stop people from bulk buying, or more general regulation to halt spoofing in crypto markets.

At Flip, we find this to be a pretty unlikely outcome, as well as one that might end up with more consequences than benefits. While regulation is certainly on the way for crypto, it’s probably going to be more focused on securitization issues than market automation.

In Summary

Your minting pages, your favorite marketplaces, and your discord groups are already being infiltrated with bots . . . whether you like it or not, the NFT community will have to thoughtfully wrestle with these programmatic denizens.

As we approach the future of NFTs, it seems increasingly important to have intelligent, crypto-native minds leading the debate on how to combat nefarious bots, as well as how to promote benevolent bots, all without crushing the positive aspects of decentralization.

Perhaps one of you reading this has the technical expertise necessary to create a non-invasive anti-bot software, a better iteration on the whitelisting model, or any other conceivable tool to increase the NFT market’s efficiency.

We’d love to hear your thoughts.

Happy Flipping,

The Flip Team

Back to updates archive