Beyond Bitcoin – Cryptocurrency, NFT other virtual securities business models

I blew my chance (maybe). I didn’t know it at the time, but I could have been a Cryptocurrency Influencer and gotten rich and retired to the beach by now. Instead, I get to attempt to dissect how everybody and their brother is in getting into the cybercurrency / NFT / …. what should perhaps be called Virtual Securities business.

You get rich, I get an article…. I’ll start with my “cryptocurrency story” and then get on to exploring virtual securities business models (just skip ahead a bit if you are in a hurry):

  1. Bitcoin – Cryptocurrency Classic
  2. Public Virtual Securities Exchanges
  3. Private Virtual Security Exchanges
  4. Synthetic Tracking Securities
  5. Skill Games

There are a several more coming soon:

  1. Insurance
  2. Fighting Digital Asset Piracy with Virtual Securities
  3. Rich Transaction Systems and
  4. Superfiliates


NOTE: This is an ongoing exploration of the potential and pitfalls of virtual securities models. Your comments, questions, and suggestions are welcome – there is a form at the end of this article – I look forward to hearing from you. Thanks – Steve

In the beginning, there was Bitcoin

On 18 August 2008, the domain was registered. Sometime in 2009, the world started hearing about bitcoin.

Now, if you are in the security business (as I was starting in 1986), new cryptographic systems are kind of like a mouse to a cat.

You want to play with them. Take them apart.

So, like many security guys, that’s what I did. I was mostly interested in weaknesses in the overall system – how could you exploit the blockchain and financial system without having to break the cryptography (how costly would it be to put “malicious” transactions into the chain?). I had some ideas, fiddled with them. Figured it would go away. Certain that it would be banned by the SEC or blow up for some other reason… and moved on.

My big cryptocurrency chance

By 2011, I had gotten married and had a child… and I was somewhat burned out on security, so I focused on being a parent….Baby in diaper seemly walking on water

Sometime thereafter… it didn’t make an impression at the time, I was contacted by a new cryptocurrency (I don’t remember which one) to look at it and endorse it.

Why did they contact me?

Who knows?

Well, at the time, I had a security blog ( – long departed – focused on computer game security) and I did have a pretty decent computer security profile on LinkedIn… so I was probably a C or B list security person…

…. or they just went through the LinkedIn directory and cold emailed everyone with “cryptography” in their profile…

I wasn’t really interested, wrote them a note that I would be happy to do a security evaluation on their system for a price…(dollars, thank you)

And never heard back.

And went back to ignoring cryptocurrencies.

No beach for me.

(surely the government was going to do something about them?)

Cryptocurrencies go viral

Sometime in 2013 or 2014, maybe a bit later, some online businesses that I followed started to take bitcoin and advocate taking bitcoin.

I was surprised.

It seemed pretty shady.

But, it caught my attention.

How did this thing work?

The businesses that did this were selling digital products, so their risk was low and bitcoin seemed to be going up up up.

Why not?

Except it seemed wrong.. but the SEC moved to legitimize cyber currencies… so…. ?????

While everyone was focused on the cryptography, the interesting thing with crypto currencies / virtual securities is the business.

And it wasn’t new at all.

In fact, I’d been studying virtual securities by another name for years at that point, and they had been around, and causing trouble, for longer than that in the computer games business.

Except they weren’t called cyber currencies, they were Virtual Items, and it wasn’t currency mining, it was Gold Farming.

What had been a security problem in the online game space of World of Warcraft and Second Life had been turned into a industry on its way to becoming legitimate.

little girl using computer keyboardAside – MMOs and the world of Real Money Transactions (RMT)

Massively Multi-player Online Games had a problem almost from the beginning. Starting with Meridian 59 in 1996, and then when they got famous in 2000 with Everquest and then World of Warcraft, everyone faced a common foe – their customers.

People cheat.

Or rather, lots of people want an easy advantage. These games all made their money based on subscriptions, and so were designed to keep players engaged as long as possible. Keeping them paying monthly by dribbling out content and making it time consuming to consume content and making the coolest content hard to get. For regular players, it was a (hopefully) fun grind.

But some people wanted a short cut.

Enter Real-Money Transactions.

  • People would pay for a high-level character.
  • People would pay for cool weapons and armor.
  • People would even pay real money for virtual gold.

An industry was born.

Some people would create and sell “bots” – automated programs that would play for you so you could earn in your sleep.

Others would simply outsource game play to (usually China) and have their characters “power leveled”.

Still others bought and sold accounts (so much for non-fungible, but we’ll come back to this later).

An entire industry of game players, again mostly in Asia at the time, would play the games in a way to optimize how much “gold” they could earn (and then sell). What was supposed to delay typical players, was turned into gold farming.

It turned into an arms race between game developers and operators on one side, and the hackers and entrepreneurs on the other.

NOTED SOMEWHAT IRONICALLY: One of the reasons that online game companies fought against RMT so hard was that they were afraid that the government would crack down on them for selling virtual securities or engaging in gambling.

It was fun to watch, comment on, and critique…. I even got a book deal out of it Protecting Games (long out of print and date, don’t buy it, email me if you want a copy).

Some companies embraced virtual items and made them a core part of their business.

One of the earliest companies to do so, was Iron Realms Entertainment, which ran, and runs, text-based online role playing games. They created a two-tier currency system, one time based and the other money based, to purchase items in the game. They also managed the market for the exchange between the currencies.

For a small, independent game company, this not only saved money (a lot of MMO companies spent a lot of resources fighting RMT), but made them money (and limited the effectiveness of gold farming because they could always make it cheaper to buy virtual gold from them directly).

They even created rare or unique virtual items for sale (proto-NFTs?).

Things got even crazier in China.

  • Zhengtu Online (or ZT Online) created “loot boxes”, basically a slot machine purchased with cash that could randomly output extremely rare virtual items…extremely rarely
  • … and Tencent created a virtual currency called QQ coins (no blockchain required) that because so popular that the Chinese government looked into considered regulating them (this is an amazing company that I’ve happily owned the stock of for years).

Virtual Securities Business Model 1 – The Satoshi Nakamoto System – Cryptocurrency ClassicGold Bitcoin coin in front of US $100 bill

Satoshi Nakamoto seemed to have found the way to solve the Internet 1.0 problem that gave us and ended and other now forgotten companies when he created bitcoin (intentionally or not):

“How do you lose money on each transaction and make it up on volume?”

Answer – speculation

Ignoring the cool math, you need four elements:

  1. Generate a bunch of your Virtual Securities.
  2. Have a cool Tilt to sell your system.
  3. Give a bunch of them away to Influencers.
  4. Hope they go viral.
  5. “Make almost Free, Sell High”

Satoshi Nakamoto came up / put together  several pieces into a brilliant Tilt:

  1. The blockchain – a public, distributed cryptographic transactional database to allow anyone to trade bitcoin (and fractions of bitcoin) anonymously (we’ll come back to this)
  2. Currency mining – the capability to make money from “nothing” (well, power and computer resources that may not actually belong to you – hackers and others have installed malware on victims computers to “mine” for bitcoin)

For bitcoin, there may have been less need to formally recruit Influencers as you could, if you got in early, mine your way into the system, but it looks like the “gift of bitcoin” helped get publicity for the system started:

 In 2010, the first known commercial transaction using bitcoin occurred when programmer Laszlo Hanyecz bought two Papa John’s pizzas for $10,000.  – Wikipedia

Your influencers were, of course, naturally incentivized to spread the coin and the word…

(I’d be willing to bet – real money – that  Laszlo Hanyecz didn’t PAY $10,000 for his bitcoin that he used to buy the two pizzas)

After all, mining was designed to be increasingly difficult.  So the supply of bitcoin would grow more and more slowly… and that trading existing coin would be more and more valuable.

(There were around 2 million bitcoin in 2010, doubling to 4 million in less than a year, it took around 18 months until 2012 to reach 8 million, and 5 years until 2017 to reach 16 million).

If your currency catches on, you’ve made a mint (literally) from those early coin that you generated easily and efficiently and kept (it is good to set the rules).

For more on the Cryptocurrency Business Model.

Sign wrapped around exterior of office building stating "blockchain making transactions safer and faster
Photo by Pascal Bernardon on Unsplash


Technically, there are a a number of types of blockchains. They combine collaborative transactions, various voting schemes, digital signatures.

Back in the early 2000s, I created one (though I didn’t know it) for a “secure game contract” to allow games (ranging from poker to an online game) to be independently verified by any party to the game with the idea you could ensure (and maybe insure) game outcomes (in my case, each party to the game submitted their digitally signed game actions to each other to together build the game contract).

The bitcoin style collaborative transaction ledger is the most famous, but there are many ways to make them work and do different things… interesting…but

…The magic of blockchain (specifically for bitcoin) is that it made people trust that they could trade the bitcoin virtual securities. Extra points for anonymity.

In some sense, blockchain has done for virtual security trading what SSL/RSA did for eCommerce.

ASIDE – The Magic Netscape Navigator Lock

It is hard to remember now, but when we were in the early days of the Internet, people didn’t feel safe spending money online. The Internet was Scary. We were using our brand new Netscape Navigator (1994) to surf the web, but no one was spending money. In 1995, Secure Socket Layer (SSL) came out. Public key cryptography to protect communications over the World Wide Web!


Pretty rapidly, the technology evolved to make security folk happy (reasonably)… but, more importantly, Netscape added a little lock icon to the top bar of your browser to let you (You and me, not the security folk) know that you were safe.

“SSL blah blah blah

RSA blah blah

PKI blah blah blah blah.


Those 32? pixels were enough to launch the Internet Revolution.

ASIDE ASIDEWhat is interesting is that this didn’t happen with digital signatures. In the 1990s, there was a huge push to move to Public Key Infrastructures (PKI) to replace physical “wet” signatures but, mostly, what they’ve done is replace faxes (Hello DocuSign!) – at mostly fax-replacing pricing.

The important part of RSA and SSL wasn’t the cryptography, it was the lock icon
(a lesson that cost many security companies a lot of money.. including me).

This should also serve as a warning to all those “hot” blockchain companies out there… the challenge is trust in the business and business model, not nifty security technology.

Anonymity also gave bitcoin a delightful customer base for online criminals. Ransomware doesn’t work very well if you need to deliver a briefcase of cash.

A numbered account and digital transfer of assets across “The Net”..

No muss. No fuss. No risk.

While this was great for crooks and early adopters, the technology was a bit fiddly. Funky software. Complicated processes.

What you need to take virtual securities to the next level was ease of use.

Hello Public Virtual Securities Exchange Systems (Coinbase and its peers)!

Virtual Securities Business Model 2 – Public Virtual Securities Exchange SystemsClose up image of bronze Wall Street bull scuplture

By making trading virtual currencies as easy and familiar as trading traditional stocks and bonds, Coinbase radically grew the market for all forms of virtual securities. In addition, the backing by venture capitalists made cybercurrency/virtual security trading inherently more legitimate.

… and adding a virtual security to Coinbase immediately legitimizes it (and creates trading transaction revenues)… even better than Individual Influencers.

Ultimately, just as with traditional stock exchanges and banks, the credibility of the institution trumps technology…

… blockchain really isn’t needed anymore.

… anyone can trade in virtual goods/items/securities.

Read more about Virtual Security Exchanges.

NFTs – Digital Signatures Strike Back!

NFTs – Non-fungible tokens.

They’re digital signatures. Just like any digital signature, they can be associated with something, but they are just a string of Zeros and Ones.

They aren’t the “thing” they are associated with.

A digital signature of a painting isn’t the painting.

They don’t make anything more “authentic”… the hard part is NOT the digital signature, it is somehow credibly (that darn “trust” thing again) associating some “thing” with its digital signature.

My having a digital signature for the Mona Lisa is worth exactly as much as you’d think it is worth.

They also don’t guarantee something is not duplicated. Just because a signature is unique, doesn’t mean that the item is.

… and it isn’t going to guarantee that you get paid for subsequent transactions (sorry).

After all, with easy generation of anonymous accounts, there is absolutely no reason to trade an item from account to account… especially if you have to pay a commission to both the exchange platform and the original owner…just sell the account (just like in online games in the 2000s! What’s old is new again).

Man looking at stock trading application on a laptopVirtual Securities Business Model 3 – Private Virtual Securities Exchange Systems – The return of RMT?

And we’ve come full circle.

Now that virtual securities are accepted and trading them is trustworthy… why bother with a public exchange? … or cryptography? … or blockchain?

… why not just have bits in a database?… and centrally controlled user accounts (no need for anonymity)?

… like an online game?

… or an old fashioned stock market?

No complaints about power consumption or criminals.

Just the fun of virtual security trading based on anything.

  • You don’t need a public exchange (eliminate the middleman).
  • You can do a much better job of controlling payments and security.

The NBA is now trading “Top Shots”. Porn stars are trying to do the same… but facing a public market backlash… so do it yourself.

But, David Bowie publicly listed Bowie bonds back in 1997.

Magic: The Gathering collectible card game or Topps created scarcity by manufacturing rare cards – taking this online is not new or news, but clearly the monetization options have grown.

With the opening up of the virtual security business, the potential to cross games (or gamification) with virtual securities is an open world waiting to be explored and exploited.

Read more about Private Virtual Security Exchanges.

The Weakest Link – Math Security vs. Real World Security

A lot of crypt-security folk attack security problems through the cryptography. I get it, the math is pretty neat and sophisticated AND, if you succeed, it can be a pretty significant thing.

I’m much lazier.

I prefer to attack the link between the math and the real world.

  • A person is not a username/password pair or a private key.
  • A piece of art or game ticket or digital sword isn’t a database entry or a digital signature or entry in a blockchain log

Too often, these links are weak to begin with.

Many of the new cyber currencies are built on a premise of anonymity – no link between a person and an account. A digital “numbered Swiss bank account” or bearer bond by design.

Undermining identity in a weak identity system is usually trivial.

  1. Carry out a personal transfer between two or more accounts. Or
  2. Transfer the account itself (some variant of a username/password or private key)

The only thing that slows this down at all is if there is a notable cost with the creation of new identities or a high transaction cost for all transfers of assets (or adding “transactions to a blockchain” or whatever).

Weak links between assets and their virtual representations are even easier to subvert as they are meaningless. The one exception is an old school stock.

Really, the digital records held by our various stock brokerages are the authoritative “owners” and certifiers of ownership for stocks.

If you are old enough, you may have a physical stock or bond certificate, but this is largely a legacy system (and, as we found out with some stocks that were given to my wife when she was a child, a big PITA to sell).

Now, everything is digital and held in a “Street” account by your brokerage.

We could do this with art (and tickets) and … if we chose to control the secondary market (which is really what a stock market is anyway) with a unified, strong identity system.

The Scalper Problem (Secondary Markets)

Events have scalpers and online games have account sharing and Real Money Transactions… unauthorized trade in virtual goods.

There are two challenges:

  1. Stopping transactions entirely
  2. Making sure that you get your “cut”

Stopping transactions entirely is virtually (bad pun, sorry) impossible. The system that can almost always work is the direct trading of accounts outside of your system:

Person One simply provides Person Two their account credentials (username, password) in exchange for some payment somewhere

As this occurs entirely outside of your “ecosystem”, there is no way to stop it. In online games, this led to a number of problems where players would sell or share their account credentials to have their character get “power leveled” up or simply buy or sell an account.

This was annoying.

But, it became much more annoying for game companies as an untrustworthy power-leveling group or account seller would use the “Password Recovery” system to take the purchased account back (as many purchasers would not go in and change the password recovery settings in the account immediately on purchase).

Crooked crooks? Shocking!

But, it then became a customer service problem for the game company as the defrauded buyer (involved in an unauthorized activity) would complain to the company.

The fact that the transaction was unauthorized didn’t matter.

Back to scalping.Fisheye view of crowded basketball stadium from a skybox at night

The key to preventing unauthorized transactions is creating a strong identity system (with or without trading).

As I live in the SF Bay Area, let’s use the Golden State Warriors as an example.

Strategy One – Individual Tickets

If you were trying to stop ticket scalping, you might link an individual ticket to a lottery entry… not for a little prize, but something big… or a wide range of things that can be won, big or small.

And it’s linked to the person who purchased the ticket’s identity information.

Wrong ID, no prize.

So, the prizes are drawn (maybe at half-time, maybe intermittently during breaks in game play) and you have to show up to pick up your ticket (or, for evil fun, someone comes to your seat with the TV cameras looking at you) to give you your prize (and verify your ID).

Marketing Promotion and Security!

Strategy Two – Season Ticket Holders

If you are concerned with season ticket holders. You can link their ticket / account identity to the ability to purchase food and items at your stadium store (or online) … creating a risk for the account holder to give access to their account to a potential scalped ticket purchaser.

Double down on this with a ticket being replaced by a credit card.

Strategy Three – Trading Partnership

Push trading transactions for free (or modest fee) through some established trading platform (such as eTrade) where both parties need an account. You may make more from the partnership deal than the trading and an open, liquid trading platform (as well as allowing ticket holders to return tickets at cost if they can’t come) would minimize the black market scalping opportunities.

Strategy Four – Rich Transaction system

Heck, we’re in an article on virtual securities, why not run your own transaction platform? You could always hold back some tickets or unused capacity for individuals to trade in tickets. You don’t need fancy NFTs, you can build a rich transaction system platform with loyalty points, trading in old game tickets, and all sorts of things to link fans to your team. Tickets could have a random player picture or game moment or even something as simple as a Suit and Number so participants can build up sets and other groupings to create value.

Virtual Securities Business Model 4 – Synthetic Tracking Securities

Does anyone remember “Tracking stocks” back in the 1990s? (Probably not… they were kind of a dud – everything you want in a publicly traded stock and less)

They were publicly traded stocks that “tracked” lines of business within public companies (the key being that the performance metrics for the business unit was publicly visible).

They didn’t work very well for publicly traded businesses BUT…

Given all of the options for virtual securities, it is certainly possible to build such a system again for almost anything:

Bitclout being the most obvious for tracking people….

But there might be more interesting options:

Art Museum Collections

Many art museums (if not most) have collections that far exceed the number of pieces on display. The Metropolitan Museum of Art in New York has more than 200,000 pieces of art! Many aren’t exhibited for space reasons, but some, such as works on paper, are just hard to display.

Why not synthetic securities for art?

Sell a minority interest in works in your museum’s “back catalog” (probably releasing it gradually) as a funding source and a way to give visibility to (and monetize) your art collection.

Pre-funding start ups for fun and profit?

It seems bizarre that I can speculate on shares in Elon Musk, but I can’t ride along with some of the cool businesses I hear about without being an “accredited investor”. Whether it is something bigger, like ConvertKit, a bit smaller, like Castos or Less Annoying CRM, or even nascent like Legup Benefits.

Anything that can be tracked publicly, can be turned into a security – athletes at FanDuel and DraftKings… though a recent ruling from the IRS should add further confusion to the matter. The IRS allows you to deduct some of your fees, but considers the games “games of chance” and creates some potentially serious tax liabilities for the companies…

Do I need to remind you … I AM NOT A LAWYER?

Read more about Synthetic Tracking Securities.

Virtual Securities Business Model 5 – Skill Games

Chris Melissinos, when he was Chief Gaming Officer at Sun Microsystems, called the stock market, the “biggest massively multi-player online game in the world”… after all, once the stock has floated, most investors are along for a speculative ride based on press releases and 10-K reports.

If Draft Kings and FanDuel are legal, how far can you go with virtual securities?

While online gambling hasn’t been widely legalized, there seems to be pretty good confidence in legal “games of skill”.

The market hasn’t caught on (yet).

I’ve been intrigued by these games for years.

Most of the games that companies have tried have been highly skillful games (such as first person shooters) or solo casual games ( started with computer casual games based on Connect-3 and such before Candy Crush took off as a pure casual game) or testing the limits of gambling (Zynga in its early days).

The “trick”, in my view, for these games to be successful, is that they have to be able to be played skillfully (some level of player strategy), but not such that any players are dominant (no one is going to stay around – and pay – getting their clock cleaned playing Doom for Dollars).

Poker captures this concept perfectly – players can always “see” how they could have done better, but aren’t frozen out by dominant players.

And the other “trick” – is to avoid actually being a gambling game (I need to write about my game Battleship Poker sometime).

… of course, if we can have Fantasy Sports for money, why not parimutuel wagering on competitive computer games and bring the horse racing business model into the 21st century?

Read more on Skill Games.

Virtual Security or Currency?

Apparently, anyone and anything can be turned into a virtual security.

We can all play the speculation game and bet on their future.

We do need to understand what we are building – and virtual securities offer more choices than ever.

Are you building a virtual security with the intent to focus on increasing value?

Do you need (or want) to have public trading of your virtual security?

Are you actually building a virtual currency to encourage interaction with and participation in your business? (If so, I strongly recommend Actionable Gamification by Yu-kai Chou there is a ton of opportunity here, but you can screw things up easily).

Is it time to revisit real money transactions for games?

You may be able to mix virtual securities, currencies, gamification, trading, speculation, and games together… but you certainly have to think it through intentionally.

What do you think?

What are your thoughts or ideas on the emerging world of virtual securities?

How can i make this article more useful?

Do you have any questions?

If this was helpful to you, I’d ask that you consider supporting the Disabilities United Association. Thank you.

[contact-form-7 id=”10″ title=”Contact form 1″]


Similar Posts