Cyber-thieves have stolen approximately 30 million euros worth of carbon credits circulating in the EU Emissions Trading Scheme (ETS), authorities revealed yesterday. The carbon credits are entries in a distributed database maintained by EU states. Companies access their credits by logging into their online user account. Crackers used phishing-style attacks to obtain login credentials from companies, and transferred credits to other accounts.
This sounds familiar. Here’s an interesting exercise: let’s compare EU carbon credits with the virtual gold of the online game World of Warcraft. See if we can find a difference.
- Both credits and gold are elements in an abstract system of rules, implemented as a computer program. Neither have any shape or function outside this system.
- Both systems have a certain group of participants, and each participant has a “user account”. Each credit/gold coin belongs to exactly one user account.
- Both credits and gold can be transferred between accounts, but creating new ones is not possible; only the operators of the system can do that. Both are thus artificially scarce.
- Both credits and gold can be exchanged to national currency by selling them to another participant who finds them so useful as to be willing to pay money for them.
- Because of the above, both are targeted by cybercriminals who attempt to steal them through phishing attacks.
ETS credits are clearly the industrial version of game currency — industrial grade virtual goods. Funnily enough, it seems from the news coverage that ETS has worse cybersecurity than WoW. Those who set up new virtual economies would do well to learn from their predecessors in the game industry.