The growing rate of cyberattacks on the NFT community is becoming alarming, as more hackers now see it as a means to get the big bags. News of a major theft from a well-known New York art collector recently startled the NFT space. Arts collector, Todd Kramer, dropped a post on his Twitter handle, expressing distress over the loss of his NFTs. He made known that exactly eight Bored Apes Yacht Club NFTs, seven Mutant Ape Yacht Club NFTs, and one Clonex with a cumulative value of over $2 million (around 614 ETH) were stolen from his hot wallet through OpenSea. Image source: news.bitcoin.com OpenSea is the first and largest decentralised marketplace for digital assets run on blockchain. The digital assets cut across gaming items, digital files, arts, collectables, and rare items. OpenSea runs on the Ethereum blockchain and enables smart contracts for the buying and selling of digital assets. Kramer’s plea to OpenSea through his tweet forced them into action, freezing any form of transaction on the Non-fungible tokens (NFTs). Each of the tokens has been flagged as showing suspicious activities, therefore traders should keep off. The well-known art gallery operator, while explaining the ordeal, said, “I clicked on a link of what appeared to be a legit decentralised application (dApp), only to find out it was a phishing scam. He describes the night of the incident as “the worst night of his life.” The hackers gained access to his wallet through the link, clearing out all 16 tokens. The NFT community on Twitter responded to Kramer’s initial cry for help and intervention with a little hostility, which led to Kramer deleting his tweet. A set of NFT proponents fault him for lacking proper operational security (opsec) which led to the sad turn of events. Based on OpenSea’s activities, two critical questions have been highlighted in the decentralised community; the issue of actual decentralization and safety of digital assets in general, not just on the OpenSea network.
When Is Decentralisation Not Decentralised?
The OpenSea intervention to freeze transactions on the recently stolen NFTs has caused a lot of outrage in the decentralized space, as many feel it is an outright violation of what the blockchain family holds dear, third party elimination. If the marketplace was truly decentralised, how could OpenSea freeze the accounts? Who froze the tokens? Are there now exemptions for third parties to intervene? What message does this act pass across? These are bubbling questions now in the community, as a lot of blockchain proponents feel hurt, betrayed, and deceived. This is causing a lot of problems for the largest marketplace, as many people are doubting the integrity of the entire network. If it were truly a decentralised platform, this theft would have just been a sad event in passing, with nothing to be done concerning it. Yes, it is an immense loss, but some NFT traders and collectors feel that to protect the overall integrity of the network, nothing should have been done. Speaking of preserving integrity, another set of people feel OpenSea was put in a position where their silence may have had a detrimental impact on the marketplace, and their action could have had a negative impact as well. This belief was swiftly met with hostility when similar thefts occurred in December 2021 with no action taken — no freeze, no action.
Security Of Digital Assets
This is not the first time a theft like this has happened on the OpenSea platform. At least two happened in the second half of 2021. The addition of this has raised serious questions as to the security of digital assets on OpenSea. If these can be accessed, what about others? However, the issue of security cannot be blamed only on OpenSea. While they have a crucial role to play in securing the tokens entrusted with them, there’s the role of the users in also securing their tokens. Operational security covers every step taken by a user to secure his assets. Because it relates to wallets that are connected to the internet, using hot wallets might be risky. The internet factor makes it more prone to attacks. As a result, cold wallets are strongly advisable for safeguarding assets and investments. Kramer, in his tweet, posted, “lesson learnt.” While there is no guarantee that the stolen tokens will be recovered, there is something that can be done to avoid this from reoccurring. New ways of breaking through security walls in the blockchain community continuously surface, so there’s a widespread call for security alertness by blockchain platforms and individuals.
Addressing Theft Moving Forward
Should OpenSea be sanctioned? Should they lose followers because of their actions? Is there a better way to respond? What are the possibilities for the community in the event of theft? There are several questions to be answered, but only a few answers are available. Yes, the blockchain ecosystem is still in its development stage, and because of its decentralised nature, lacks proper regulations. But despite all this, there should be a clear path of action in cases like this that is accepted in the decentralised community, and not just left to the creator’s discretion. Is it wrong for players like Kramer to want the system to be decentralised in operations and centralised in certain actions? Could this be a call for the NFT community to find a proper balance between centralisation and decentralisation? Or a reminder to the community to be ready to bear the consequences of a decentralised platform, just like they enjoy its benefits? It is unclear how such difficulties will be resolved, but meanwhile, a reminder for corporate and personal security has been reawakened. The market is still watching for possible news updates on the stolen tokens. There’s no solid hope for recovery yet, so Kramer has to live with the weight of his loss for now. Hopefully, this incident pushes OpenSea to strengthen its platform security while staying true to the true essence of decentralisation.