With NFT scams on the rise, Web3 platforms are increasingly forced to grapple with identifying and managing stolen assets. As the largest NFT marketplace, OpenSea has borne the brunt of this Web3 responsibility, but its policy of blocking flagged assets has received considerable backlash, especially for punishing users who didn’t know that they were buying stolen NFTs.
In response, OpenSea announced on Twitter on Wednesday that it will change the way it handles NFT assets that are reported as stolen.
OpenSea would previously block stolen assets from being bought, sold, or transferred on its platform as it investigated each case, which meant an indefinite hold on accessing such NFTs and their respective worth.
Tweeting that it wanted to “address the elephant in the room,” OpenSea wrote that it will now require a police report to be submitted within seven days of flagging an NFT as stolen. The marketplace notes that it has done this in the past for “escalated disputes,” but that it will now be required for all NFTs that are reported to be stolen.
The move is designed to prevent false reports. If a police report isn’t submitted in time, then the hold on the items will be lifted.
Furthermore, OpenSea says that it will simplify the process for rescinding a claim once a user recovers his or her stolen NFT, or if they otherwise want to withdraw a report.
On Thursday, OpenSea clarified that the police report requirement will only apply to newly-filed claims over stolen NFTs, and not existing cases. “If we applied this retroactively, we'd be asking months or weeks later for them to take an additional step, when they'd (hopefully) put this behind them,” the marketplace tweeted.
An NFT is a blockchain token that represents ownership in an item, and they’re often used for digital goods. Popular NFT use cases include artwork, profile pictures, digital collectibles, and video game items. OpenSea is the leading NFT marketplace, routinely processing billions of dollars worth of trading volume each month before the recent crypto market crash.
13/ Doing better begins w/ sharing & listening more. We’re committed to improving at both. Thank you for your feedback, your patience & your passion. Behind this blue boat is a group of humans who love this space like you do & we wouldn't be here without you. More from us soon 💙
— OpenSea (@opensea) August 10, 2022
As the NFT market has flourished and matured, there’s been a rise in scams designed to trick users into signing what they believe to be a legitimate transaction with their crypto wallet—such as for a new NFT or token drop—but instead giving attackers access to all of the assets in the signing wallet, enabling them to transfer and steal NFTs and other tokens.
Such scams have become commonplace on social media, especially Twitter, with accounts from reputable creators and projects—including Beeple and Nouns—hacked and used to spread links that can lead to assets being stolen. It has prompted a debate over whether creators should reimburse users who have their NFTs stolen in such cases.
OpenSea said that because it’s based in the United States, it can’t knowingly allow the sale of NFTs that are marked as stolen. However, the marketplace’s broad policy towards blacklisting reported assets means that users who bought NFTs—unaware that they had previously been stolen—are sometimes then unable to transact or transfer the asset as a result.
“In some cases, the purchaser who unknowingly bought a stolen item (at no fault of their own) was inadvertently penalized. This is one of the most difficult issues we face,” OpenSea acknowledged on Twitter. “Please believe we take it seriously [and] we’ve been actively listening to your feedback on how to tackle it.”
Note that while OpenSea can block the ability to buy, sell, or transfer select NFTs on its own marketplace, that doesn’t prevent users from transacting elsewhere. Owned NFTs remain in users’ own wallets, and they can use marketplaces that don’t have the same policies or haven’t similarly flagged those assets as stolen.
OpenSea also noted that it is working with other Web3 platforms to try and minimize the impact of such NFT scams, and better educate users. It pointed to popular Ethereum wallet MetaMask’s recent update, which makes users better aware that they’re signing away broad access rights with certain transactions—broad access that is commonly sought to execute such attacks.