Posted by An Janssens

The metaverse, playground for criminals?

The new world of the metaverse, working with crypto-currencies and NFTs, is naturally also attracting the attention of the criminal world. As with the start of the internet, this will undoubtedly lead to the emergence of new forms of crime, and the question will be whether our legal and police system is sufficiently equipped to deal with it. How metaverse crime will further evolve is still unclear, but the first indications of this evolution are already noticeable. For example, Europol’s 2022 report “Policing in the metaverse” has already shown that the metaverse platform Roblox is the 8th most imitated brand in phishing attempts worldwide. This is worrying, especially as 67% of Roblox users are children under 16, but is also indicative of criminal interest in the metaverse.

From “know your customer policy” (KYC) to “know your avatar policy” (KYA)

Anyone taking a closer look at the metaverse will be able to spot a number of criminal pain points fairly quickly. First is the issue of identity fraud. In the metaverse, the use of avatars is ubiquitous. And with the advancement of technology, avatars are also becoming more and more photorealistic. This therefore makes it easier and more convincing for criminals to use fake digital identities to commit fraud, whether by using deepfake software or not.

To prevent this, one should of course try to find out who owns an avatar, or in other words who owns the virtual identity. This is important because when a crime is committed, it is crucial to identify the physical persons who committed the crime. In addition to a “know your customer” policy, companies should actually develop a “know your avatar” policy as well, to prevent fraud. And avatar identification should actually also be a separate part of anti-money laundering legislation.

Another criminal pain point in the metaverse are cryptocurrencies and “non fungible tokens” NFTs. Especially during the corona pandemic, the intrinsic value of digital assets has skyrocketed and this too has attracted criminal attention. Of course, digital assets are used in money laundering operations, but in addition, criminals are also trying to steal digital assets. For example, there have already been several cases of theft of “bored apes”, the highly successful series of NFTs. These thefts took place by hacking the Bored Ape Yacht Club’s Instagram account and the digital auction platform Opensea, among others.

And new forms of sexual crimes are also popping up in the metaverse. Back in 2007, the first case of an avatar being digitally raped on the platform Second Fife was reported, and in 2022, journalist Nina Jane Pattel described how her avatar was “assaulted within 60 seconds” on the platform Horizon. But it goes beyond this, of course. On platforms such as the “child-friendly” Roblox, sex clubs were created by certain users where people talk about sex and have their avatars have virtual sex, but which could just as easily be used by sex criminals to target minors.

Should criminal law be changed?

Obviously, there is a need to assess whether the current criminal law is adequately equipped to tackle crimes committed in the metaverse. This means examining whether the criminal law’s offences are defined in such a way that digital crimes are also covered by the criminal law. This will give rise to questions such as whether abusing an avatar can be equated with abusing the physical person behind the avatar. And the issue of locating the crime will also have to be revisited here. After all, if a crime is committed in the metaverse, where is that crime committed? Answering this question is obviously relevant to knowing which jurisdiction has jurisdiction to prosecute the crime. Food for thought…