NFT marketplaces like OpenSea often have to contend with stolen or fake NFTs, but there are many NFTs that have reportedly been stolen but have been voluntarily sold. Although the total number of stolen NFTs is unknown, there are millions of dollars worth of expensive NFTs that are considered stolen and therefore frozen from the OpenSea platform, although some of them were not actually stolen. This is a problem primarily for expensive NFTs from well-known collections, but this can happen with any NFT in the blockchain, and OpenSea has not yet learned to distinguish between real theft and a ruthless trader abusing the system.
OpenSea is a Web3 marketplace built on Ethereum, where users can place ads, place bets and buy non–interchangeable blockchain tokens (NFT) from each other. OpenSea itself is a company headquartered in the United States that has earned a controversial reputation in the Web3 space for centralized control over its platform. Unlike its decentralized competitors Raible and LooksRare, owned by the community, OpenSea is fully owned and managed by a centralized team and thus faces the same problems as other centralized platforms when dealing with attackers. In an industry that advocates decentralization and community ownership, OpenSea has always been a sore topic.
Related: NFT Bay is a Pirate Bay for Expensive JPEG Files
The transcript recently detailed the estimated value of the known NFTs that were stolen in early July, amounting to more than $25.4 million in 823 stolen NFTs. However, many tokens from these NFT collections (often worth millions) are not actually stolen, but are still reported by attackers as stolen. In addition, an NFT that has been stolen at any point in its history is blocked in OpenSea until the user who filed the claim reports its return, which will permanently devalue its value. The reason this is happening is due to the way NFT and cryptocurrencies are being stolen, which OpenSea can’t do anything about.
NFT signed, not stolen
There are many ways to steal blockchain assets, depending on the information that is known about the victim and her naivety about cryptocurrency, but all methods require the victim to sign their property. The easiest way to “steal” NFT is to bet on NFT in a cryptocurrency other than the one listed (for example, in stablecoins). For example, the rate of 3.5 USDC (worth 3.50 USD) per NFT, indicated for 3.5 ETH (worth more than 4000 USD at the time of publication), and if the seller does not pay attention, he will accept the bid and sell the NFT at a serious discount. If the victim’s email address is known, they receive an email from OpenSea stating some kind of problem with their account, and after three clicks their NFT is signed. There are several other ways to steal NFT, such as fraud in Discord or fake airdrops, but they are all based on tricking the victim into signing their property.
Users are rightly wondering if OpenSea is safe and may avoid the market altogether, but it has also attracted many new users to NFT. As a centralized company, OpenSea must protect its users, as expected from a corporate entity: through direct intervention. Although this approach to problem solving often creates new problems that need to be interfered with, they have no other choice, since many users simply don’t know much about cryptography. As a result, a malicious NFT merchant can sell his NFT to a buyer, report it as stolen in OpenSea, and then redeem it cheaper elsewhere and report it back to sell it again in OpenSea. Twitter user/NFT trader @franklinisbored pointed to this scheme on July 2.
Thus, when buying an NFT, it is necessary to study its history to find out if it has been stolen, especially check its OpenSea page to see if it has a red “Suspicious Activity Reported” banner on it before buying it. The only way to prevent theft is through healthy skepticism and security practices on the network, since the blockchain ensures that nothing, including NFT, can be stolen from what has not been transferred by its owner.