NFT marketplaces like OpenSea are often under pressure to crack down on stolen or counterfeit NFTs, but there are many NFTs that are reported as stolen yet were willingly sold. While the total number of stolen NFTs is unknown, there exists millions of dollars’ worth of high-value NFTs that are reported as stolen, and are thus frozen from OpenSea’s platform, even though some of them weren’t actually stolen. This is a problem primarily for high-value NFTs from famous collections, but it can happen to any NFT on the blockchain, and OpenSea hasn’t adapted yet to discern between a true theft and a ruthless trader abusing the system.
OpenSea is a Web3 marketplace built on Ethereum where users can list, bid on, and buy blockchain non-fungible tokens (NFTs) from each other. OpenSea itself is a company headquartered in the United States, and has earned a controversial reputation in the Web3 space for exerting centralized control over its platform. Unlike its community-owned, decentralized competitors Rarible and LooksRare, OpenSea is owned and operated completely by a centralized team, and thus suffers the same problems other centralized platforms have in dealing with malicious users. In an industry that champions decentralization and community ownership, OpenSea has always been a sore subject.
Decrypt recently detailed the estimated value of big-name NFTs that had been stolen as of early July, which amounted to over $25.4M across 823 stolen NFTs. However, many of the tokens from these NFT collections (often worth millions) aren’t actually stolen, but were still reported as stolen by malicious users. Also, an NFT that was stolen at any time in its history is banned from OpenSea until the user who filed the claim reports it was returned, permanently marring its value. The reason why this is happening is due to the way NFTs and cryptocurrencies are stolen, which OpenSea can’t do anything about.
There are many ways to steal blockchain assets, depending upon the information that is known about the victim and their naivete around crypto, but all methods require the victim signing away their property. The easiest way to “steal” an NFT is to place a bid on the NFT in a different cryptocurrency (such as stablecoins) than what is listed. For example, bidding 3.5 USDC (worth $3.50) for an NFT listed for 3.5 ETH (worth over $4000 as of publication), and if the seller isn’t paying attention they will accept the bid and sell the NFT at a severe discount. If the victim’s email address is known, then they receive an email from “OpenSea” claiming some kind of problem with their account, and three clicks later have signed away their NFTs. There are several other ways to steal NFTs, like Discord scams or fake airdrops, but all of them rely on tricking the victim into signing away their property.
Users rightly question if OpenSea is safe, and may avoid the marketplace altogether, but it has also brought many new users into NFTs. Being a centralized company, OpenSea must protect its users as a corporate entity is expected to: by direct intervention. Even though this approach to managing issues often creates new problems that must be intervened in, they don’t have any other choice, as many users simply don’t know much about crypto. The result is that a malicious NFT trader can sell their NFT to a buyer, report it as stolen to OpenSea, then later buy it back cheaper elsewhere, and report it as returned so they can sell it on OpenSea again. Twitter user/NFT trader @franklinisbored pointed out this scheme on July 2.
Thus, when buying an NFT it is necessary to investigate its history for details of whether the NFT was stolen, especially checking its OpenSea page to see if it has the red “Reported for suspicious activity” banner before buying it. The only way to prevent theft is healthy skepticism and on-chain safety practices, as blockchain ensures that nothing, including NFTs, can be stolen which wasn’t given away by its owner.