How Safe Are Your NFTs on OpenSea? One Plaintiff Says Not at All
Following the theft of multiple NFTs, OpenSea has asked a user to perjure themselves as a precondition for unlocking their account. This move sets a worrying precedent for users of the world’s biggest NFT marketplace.
If you’re unlucky enough to have an NFT stolen, you’d expect the world’s biggest NFT marketplace to act quickly and diligently. BeInCrypto has learned this is not always the case. In the case of Robbie Acres, OpenSea froze his account for over two months. Unless he made a statement that his wallet hadn’t been compromised, he wouldn’t get it back. This is what we know:
On July 12, 2022, at 13:28 GMT, two NFTs were transferred without permission from Robbie Acres’s wallet. One from the HAPE PRIME collection and another from Karafufu. Speaking to BeInCrypto, he suspects he was the victim of a phishing scam.
Shortly after, at 14:11, Robbie Acres, who is an avid NFT trader with a career in Web3, sent a report to OpenSea — in line with their stolen items policy—asking they be returned to his wallet and the scammer’s account locked. Robbie took note of the wallet they were in and notified the relevant communities.
Source: OpenSea
One Claim Is That OpenSea Did Not Act Quickly Or Attentively Enough
However, within an hour and twenty minutes of both NFTs being transferred to the scammer’s wallet, they had been sold on. Within this timeframe, Robbie and his legal team believe there was ample evidence and time to prevent the NFT from being sold on. In an email to OpenSea, he said: “I notified OpenSea immediately prior to them being listed by the scammer at this point they should have been removed from sale and returned to my wallet. This has not been the case and both were sold.”
Despite OpenSea recently launching a feature designed to automatically detect theft and prevent assets from being sold on, neither NFT was caught in their net. Even though two NFTs separately worth thousands of US dollars were transferred without payment.
Over two hours after his initial report, Robbie was asked to re-submit the ticket using the email address associated with his account. He changed his profile’s email address and was back in touch less than four minutes later.
On the 13th and 14th, Robbie sent another two emails asking for a response. Making it clear he expected reimbursement or the return of the stolen assets. He gave the company until the end of the week to respond before escalating with a legal response.
Late on the 14th, Robbie received the first response that engaged with the issue. OpenSea admitted and apologized for a “delayed response” but said they would be unable to “recover lost funds or NFTs that have been transferred out of his wallet. I know this is disappointing, and it’s not the answer you were hoping for.”
Account Frozen During A Market Downturn
In response, OpenSea did three things. They locked the scammer’s account and the stolen NFTs. But also Robbie’s account — without his permission — which was full of expensive and volatile assets. If he wanted his account unlocked, he had to say, “I confirm my wallet is not compromised.” Which it obviously had been.
After multiple months and emails, Robbie was asked on September 29 to agree to this statement:
I certify under penalty of perjury that I have learned additional information and would like to withdraw my report that my wallet [insert wallet address] was compromised. I would like for OpenSea to re-enable buying, selling, and transferring of the item(s) in this wallet using OpenSea. I understand that this action is not reversible.
What is so worrying about the above statement is that 1) it held Robbie’s assets for ransom. 2) Robbie had to relinquish all claims to the stolen NFTs, thereby permanently removing any chance of getting them back, and 3) it is illegal in US law for a marketplace to facilitate the sale of stolen NFTs. By demanding that Robbie sign this statement, they are attempting to remove their legal culpability.
This action by OpenSea meant that he was unable to trade during a significant market downturn. Robbie is claiming 500k USD in damages.
An OpenSea spokesperson has told BeInCrypto:
“Theft is one of the biggest and most challenging ecosystem issues to solve because it happens across many different digital surface areas and through many unique (and legitimate) communication channels… The theft in question took place outside of OpenSea and the items were sold before OpenSea became aware of the reported theft. Soon after we were notified and became aware, we disabled the items and the user’s account has since been unlocked.”
“The NFT Lawyer” Is Pursuing Legal Action
The case is currently with Enrico Shaefer, a founding lawyer at Traverse Legal. Shaefer’s legal specialism is NFTs, DAO, and blockchain. He also hosts his own educational YouTube channel. On The NFT Lawyer, Shaefer discusses the intersection between digital assets and the law.
Shaefer told BeInCrypto that OpenSea has violated consumer protection laws and breached its TOS and written policies.
“OpenSea failed to act diligently on a complaint of a stolen NFT and locked my client’s account without permission,” he says. “OpenSea is also liable for conversion, treble damages, plus attorney fees for taking control of my client’s assets and refusing to release them. Finally, OpenSea’s customer support was negligent in handling this matter and failed to provide reasonable assistance.”
Shaefer is not only an expert in this realm but an advocate for technology too. In his view, OpenSea still needs to live up to Web3 standards and is no better than its Web2 counterparts. This is also not the first time he has seen this kind of behavior from the NFT marketplace giant.
“The web3 community lauds transparency, decentralization, and accountability. OpenSea failed in all three regards. Some web3 companies are so focused on being the first, the biggest, and impressing investors that they end up no better than the web2 ‘software as a service’ platform we have all grown to despise.”
“I have numerous clients who have had similar experiences with OpenSea. OpenSea has failed to focus on well-trained and available support for customers. We are trying to fix the blatant and unapologetic self-serving behavior in this next era of the internet. It makes me wonder if the same lawyers who screwed up Web2 are now leading blockchain service providers off the same cliff.”