Security Problems with NFT Marketplace OpenSea

NFT exchanges have occurred with greater frequency over the last year. This growth has also inspired conversations about the safety of marketplaces. NFTs are digital assets stored on a blockchain that represent items in the digital and real worlds, including artwork, music, videos, and even real estate.

OpenSea is a peer-to-peer platform and the largest NFT marketplace, allowing users to exchange NFTs. While OpenSea claims that its platform is secure, some system flaws make it vulnerable to security problems like scams, fraud, and coordinated attacks. Let’s discuss some of the security problems that users can face when exchanging NFTs on the OpenSea marketplace, along with OpenSea’s solutions.

Phishing attacks and account hacks

A phishing attack occurs when the attacker poses as a trusted source to trick a user into revealing sensitive information, which the attacker then uses to gain access to the user’s account. The attacker could also deploy malicious software on a victim’s system. On an NFT marketplace, attackers are always looking to gain access to a user’s wallet so they can steal the NFTs it holds. They gain access by getting users to click ‘yes’ on a pop-up asking to connect to their wallet.

As recently as February 2022, OpenSea experienced a widely reported phishing attack where users lost millions of dollars worth of NFTs. A Bored Ape NFT got lost in this hack, and its owner has filed a $1 million-plus lawsuit. The plaintiff, Timothy McKimmy, claims that his Bored Ape NFT went missing due to a “security vulnerability” on OpenSea that allowed “an outside party to illegally enter through OpenSea’s code and access [his] NFT wallet.” McKimmy asserts that OpenSea was aware of its platform’s security vulnerabilities and continued to operate without notifying users or putting adequate safety measures in place.

In a separate attack in February 2022, hackers sent emails to OpenSea users asking them to move their listings to a new contract system. By clicking the link in these emails, users unknowingly gave the hackers access to transfer ownership of any NFTs they wanted from the victims’ Ethereum wallets. This hack made away with $1.7 million in NFTs. It allegedly affected only 17 OpenSea users, but many more users lost assets that day, and they are still unsure whether it was part of the same attack.

Site reliability

The popularity of the NFT ecosystem inspired more users to visit OpenSea over the last year. However, the site was not ready for this massive increase in activity and experienced an outage this past January. The outage led to questions about OpenSea’s reliability. The flaws in the marketplace that caused the downtime could have allowed scammers to hijack users’ accounts.

Design flaws are another issue with OpenSea’s site reliability. Bugs have created loopholes that have allowed people to buy NFTs for a fraction of their market value and resell them for profit. This design flaw stems from the ability to relist an NFT at a new price without canceling the initial listing. Buyers can purchase NFTs at their previous listing price, which is much lower than the current market prices.
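The relisting flaw described above can be checked for from the seller's side. The following is an added example, not OpenSea's code: it models listings with hypothetical field names and constructed sample data, and flags any earlier, cheaper listing that is still open after the same seller has relisted the same NFT at a higher price.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Listing:
    # Hypothetical fields; a real marketplace record will differ.
    listing_id: str
    token: str          # collection and token id
    seller: str
    price_eth: float
    created: int        # unix seconds
    expires: int        # unix seconds
    cancelled: bool = False

def is_fillable(listing, now):
    """A listing can still be bought if it was not cancelled and has not expired."""
    return not listing.cancelled and listing.created <= now < listing.expires

def stale_listings(listings, now):
    """Return (old, newest) pairs where an older, cheaper listing is still
    fillable although the seller has since relisted at a higher price."""
    groups = {}
    for item in listings:
        if is_fillable(item, now):
            groups.setdefault((item.token, item.seller), []).append(item)
    findings = []
    for group in groups.values():
        group.sort(key=lambda item: item.created)
        newest = group[-1]
        findings += [(old, newest) for old in group[:-1]
                     if old.price_eth < newest.price_eth]
    return findings

# Constructed sample data: three NFTs, each relisted at a higher price.
SAMPLE = [
    Listing("a1", "ape#1", "0xSELLER", 1.5, 1000, 9000),    # never cancelled
    Listing("a2", "ape#1", "0xSELLER", 90.0, 5000, 9000),
    Listing("b1", "art#7", "0xSELLER", 2.0, 1000, 9000, cancelled=True),
    Listing("b2", "art#7", "0xSELLER", 4.0, 5000, 9000),
    Listing("c1", "art#9", "0xSELLER", 3.0, 1000, 4000),    # already expired
    Listing("c2", "art#9", "0xSELLER", 6.0, 5000, 9000),
]

if __name__ == "__main__":
    for old, new in stale_listings(SAMPLE, now=6000):
        print(f"{old.token}: listing {old.listing_id} at {old.price_eth} ETH is "
              f"still open; current listing {new.listing_id} asks {new.price_eth} ETH")
```

Only the first NFT is flagged: its original listing was neither cancelled nor expired, so it stays purchasable at the old price until the seller cancels it.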

What is OpenSea doing to improve?

OpenSea is working on product improvements to enhance the user experience and improve site security. They actively monitor the platform and remove malicious content and scams as soon as they flag them. They also have a reporting tool so users can notify them about questionable NFTs, including inappropriate content and stolen work. 

In addition, OpenSea has added an extra step in their purchase process to ensure buyers agree to their terms of service, including the right to remove content that infringes on the terms.

As with any technology, new issues emerge as the NFT space grows. Unfortunately, there is only so much OpenSea can do, so you must take additional measures to protect yourself in the marketplace. Do your research, double-check URLs, and never share personal information with strangers.

How REV3AL can protect and help 

REV3AL’s technology resolves your security concerns through a specialized platform that uses multi-factor layers of encrypted authentication. When REV3AL’s proprietary algorithm authenticates all factors, users will see a green checkmark to improve their confidence in their interactions. REV3AL technology’s robust solution can prevent fraud by protecting, authenticating, and verifying beyond the blockchain.

In addition, the REV3AL team’s expertise, combined with strategic partnerships with companies like NFT Tech, Forward Protocol, Metaverse, and many more, is notable. 

This network gives technical and strategic support and an unsurpassed distribution network. REV3AL incorporates additional dynamic layers of variable data interlaced within each feature to enhance the overall protection solution. This protects users from unauthorized attempts to access or distribute their digital assets.

Written by Rachel Woods