Important updates for listing and delisting your NFTs

One of the most challenging things about building in the crypto space is that we’re constantly learning about novel and unexpected edge cases for which there are not clear, established product solutions. One such issue has garnered a lot of attention from the community over the past several weeks: when a user transfers an NFT out of a wallet (“Wallet 0xABC123”) while a listing is active, that listing is not automatically canceled–and if the user transfers the NFT back into Wallet 0xABC123, that listing will still be active. In some cases, that listing may now be for an amount below the current floor price for NFTs in that collection.

This issue has been discussed as an “exploit” or a “bug,” but the reality is that it’s a fundamental feature of blockchain marketplaces: only the person who lists an item for sale can cancel that listing (i.e. OpenSea cannot cancel a listing on behalf of any user). This is, in many instances, a very good thing and an important aspect of what makes web3 special: your NFTs are completely in your control. 

There is a shared responsibility in the NFT community to educate newcomers to the benefits — and unique pitfalls — that come with interacting with blockchains. But as early members of the NFT space, we have a disproportionate share of that responsibility, and hold our product to a higher standard than most. We wish we had been clearer and more proactive in educating users on the risks of leaving orders uncancelled before transferring an NFT.

As soon as we became aware of this issue earlier this month, our product team identified and began building a number of improvements to help users avoid it. Over the past two weeks we have:

1. Changed the default listing duration on our site from 6 months to 1 month to limit the  number of listings that remain active long after they’re relevant.


2. Built a dashboard into the user profile where a user can see all of their listings and cancel any that are no longer relevant.


3. Created an alert to flag when a user transfers an NFT out of their wallet that has an active listing associated with it, so they are made aware and can cancel the listing upon transferring the item.

Our support team has also been working tirelessly to reach out to affected users and reimburse them until our product experience can make this risk clearer. We understand the community’s frustration that we haven’t been more public in our communication on this topic. Simply put, we were concerned that the more attention we drew to this mechanism, the more it could be abused by bad actors. As a result we focused our efforts on reaching out 1:1 with affected users rather than announcing this news more broadly.

It is a huge responsibility to help create standards for a new space, and it’s one we take very seriously. We’ll continue to work to live up to the high bar our community sets for us, and to find ways to make it right when we fall short.



OpenSea acquires Dharma Labs, welcomes new CTO

There’s no question that OpenSea is in build mode. 2021 was a landmark year for NFTs: the world recognized their potential as building blocks for a brand new, peer-to-peer internet. As we enter 2022, NFTs are squarely in the center of the public interest – and we’re humbled by the opportunity to help drive the space forward.

At OpenSea, 2022 will be about building across four core priorities: 1) accelerating product development to ensure we’re meeting the needs of our growing community, 2) expanding our trust, safety and reliability efforts, 3) meaningfully investing in the NFT and web3 ecosystem, and 4) significantly growing our team. And today, to help accomplish all four – we’re thrilled to announce that we’re acquiring Dharma Labs.

The team at Dharma is among the most talented and respected consumer crypto teams in the world, having built beloved experiences for seamlessly onboarding fiat currency to blockchains. Our teams share a vision that NFTs will be the cultural focal point of crypto’s adoption for years to come — and that vision can only be realized if using NFTs becomes easy & delightful for the average person. Ultimately, we believe this union will be a force multiplier for NFTs and web3 adoption, and help us dramatically improve the experience of buying, minting, and selling NFTs on OpenSea — whether you’re a beginner, or a pro.

Meet our new CTO

With the acquisition, we’ll welcome Co-Founder and CEO of Dharma Labs, Nadav Hollander, to OpenSea as our new Chief Technology Officer. Nadav is a seasoned leader from the early Ethereum community, having built, launched, and evangelized some of the most influential protocols & products in the DeFi space. He brings fresh crypto-native expertise to OpenSea’s leadership, having spent his career building systems that adeptly mask the complexities of smart contracts and blockchains for use by mainstream consumers.  Nadav’s impact will be wide-reaching, but his initial mandate will be two core priorities: improving the technical reliability and uptime of our products, and building web3-native mechanisms for engaging with and rewarding our early and loyal community.  We’re thrilled to bring his deep crypto expertise into the OpenSea leadership team.

Oceans, not aquariums

Web3 is about open, community-led, and permissionless innovation, and we’re doubling down on our contribution to that ethos. We’re excited to share that OpenSea Co-Founder and current CTO, Alex Atallah, will step into a new, externally facing role where he’ll oversee our web3 and NFT ecosystem development efforts. He’ll serve as OpenSea’s representative for the recently announced NFT Security Group, and will steer our soon-to-be-announced community investment efforts, focused on growing the entire NFT ecosystem. 

We couldn’t be more excited for the journey ahead with the Dharma team by our side. If you share our vision of building a new Internet with true ownership at its core, please join us – we’re hiring across the board! For more information about product plans for Dharma, please visit their website.



Introducing the NFT Security Group

Last year, the world woke up to NFTs: the first digital product standard that is platform agnostic. They represent the basic building blocks for brand new peer-to-peer economies, giving more freedom, portability and ownership over digital goods, and allowing developers to build powerful, interoperable applications that provide real economic value and utility to users across all blockchain-enabled platforms. They introduce a brand new, exciting surface area through which consumers, creators, developers, brands and communities can interact – and with that comes a responsibility for the platforms enabling it to keep consumers safe.

Today, consumers are expected to have significant knowledge and blockchain background in order to onboard and participate safely. Many platforms building on top of web3 are dis-intermediating themselves from the property, controls, and responsibilities expected of their users, and no one (including OpenSea) yet has all the right tools in place to help consumers navigate the complexities of NFT security independently. 

We believe the security implications of web3 extend across platforms, and that the inevitable trend toward dis-intermediation comes with security implications and responsibilities for everyone involved. Simply put: more collaboration in this space is required to tackle security and safety challenges at the highest level, which is why we’re announcing the creation of a private NFT Security Group.

Originally announced at NFT.NYC, the NFT Security Group began modestly by gauging interest and inviting other companies in the space. We plan to extend invitations to others collaboratively. Current participation includes:

  1. Adobe
  2. Alchemy
  3. Arweave
  4. Bitski
  5. Blockade Games
  6. Coinbase
  7. Foundation
  8. Horizon Blockchain Games
  9. Immunefi
  10. Protocol Labs (IPFS)
  11. KnownOrigin
  12. Ledger
  13. MakersPlace
  14. Manifold
  15. MetaMask
  16. Nifty Gateway
  17. OpenSea
  18. Polygon
  19. Rarible
  20. Showtime
  21. SuperRare
  22. WalletConnect
  23. Zora
  24. 0x

Let’s discuss the purpose of the group, the kinds of issues that members will discuss, and how you can get involved.

Goals of the NFT Security Group

To start out, this group will be proactive, community-driven, close-hold – and most importantly, focused on cross-platform safety:

  • Proactive: Members should expect to share and learn about vulnerability reports that have not yet been publicly announced, or that have yet to impact their respective user base. That way, they can focus on fixing impending problems before they happen, as opposed to just reflecting backwards. 
  • Community-driven: Members of this group should submit vulnerabilities and fix specs early, when they are reported and understood, and even before a fix is launched. We will help identify the clearest opportunities to be proactive and drive impact.
  • Close-hold: This will be a private working group that maintains strict confidentiality principles. Members should expect confidentiality from others in the group, and membership is restricted to dedicated Security teams from each member project. This goal requires the group to be invite-only.
  • Focused on cross-platform safety: Most importantly, this security council aims to safeguard users universally by spreading awareness and fixes to other companies and ecosystems in good faith.

Membership in this group requires an invitation from the committee, and a commitment to the shared goal of collective improvement to drive mainstream adoption. We seek to have impact through collaboration and accountability, and we understand that consumers will always have many options when choosing their NFT and web3 platforms. Vulnerabilities across specific platforms will persist and impact the industry, unless we can tackle them together.

Security Group Topics

From what we’ve seen to date, NFT security can be broken down into five main buckets:

  • Blockchain consensus security: Is the chain secure at a foundational level? Are transactions forgeable? Are forks dangerous for consumers? How likely is a denial-of-service attack?
  • Smart contract security: Are the programs that manage token ownership and metadata secure? Do they do what they claim and only what they claim? How much do they rely on a central wallet authority for administration?
  • Wallet security: Are the extensions or libraries for interacting with wallets resistant to exploits? Are the user interfaces prone to phishing attacks or other forms of deception? Are the programs behind smart contract wallets secure?
  • Metadata security: Are the images, animations, traits, and other metadata for an NFT safe to display to all users? Are they deceptive? Are they resistant to the potential compromise of any third party systems?
  • Interoperability: This is a more future-oriented sector, since we haven’t seen much interoperability in the space but expect more to come. When one project incorporates another’s NFTs, are users aware of the implications? Are they able to grant consent to cross-project NFT actions, where appropriate?

For many of these sectors, proper user education and UX guidance will be critical. We still operate in a paradigm of company-owned digital goods, and most people do not understand that companies like OpenSea cannot move their items for them, or that another company can interact with their listings and items just like OpenSea can. We will need others’ help to push the new paradigm forward.

How you can get involved

To help members feel comfortable disclosing as many vulnerabilities as possible up front, membership in this group will be invite-only for now. Members will have the opportunity to vote on and collectively extend invitations to new members.

However, there are several ways that individual security contributors can assist:

In the new year, we will also ramp up the security content we publish here on our blog. We are at the forefront of a new and more powerful web. We welcome the best minds in security to join us.


OpenSea’s bug bounty program

At OpenSea, we’re on a mission to build the world’s most trusted and inclusive NFT marketplace – and a key aspect of “trust” implies knowing and understanding our technical vulnerabilities, so we can anticipate and prevent attacks from ever happening in the first place.  Luckily for us, OpenSea has a vibrant community of passionate and highly skilled users who we’ve partnered with to develop OpenSea’s Bug Bounty Program! 

This program has existed informally for some time, and we brought on HackerOne in October 2021 to help us formalize it. Today, with our continued growth and visibility, we’re now ready to make the program public and expand the participation to anyone wanting to make a meaningful security impact on OpenSea. As we scale the program, we’re focused on empowering our community members to identify and flag any security vulnerabilities so the OpenSea team can act quickly to review and patch improvements to our site.

Since its launch, OpenSea’s Bug Bounty program has allowed us to quickly address vulnerabilities, improve our defenses, and help keep our platform secure alongside our own teams’ efforts. Engagement has been tremendous – and since May of 2020, we’ve resolved and paid bounty for more than 25 proven vulnerability reports.

How it Works

In exchange for vulnerability reports, we will be providing rewards in a tiered model based on the severity of the issue reported. The bounties range between $500 and $50,000, depending on the severity of the vulnerability and impact. All bounties are subject to be paid out at higher rates at the discretion of the OpenSea team depending on severity of the reported vulnerability.

When we receive a report, we commit to responding to and triaging new bug bounty submissions in less than 4 days, issuing bounties for confirmed vulnerabilities in less than 25 days, and resolving any proven vulnerabilities as quickly as possible.

OpenSea is committed to a true partnership with the community to find and resolve any vulnerabilities that might exist on our platform. Every report will be reviewed by a security expert and responded to in a timely fashion – we deeply appreciate the effort and vigilance of those who contribute! You can find more about the bug bounty policy and how to report issues at OpenSea’s HackerOne page: https://hackerone.com/opensea


KONAMI MEMORIAL NFT #1: Castlevania’s 35th Anniversary

Guest post by KONAMI


About the KONAMI MEMORIAL NFT series  

We’re excited to introduce our genesis NFT collection and let fans preserve beloved in-game scenes from KONAMI titles as collectibles. No matter how old you are, the famous scenes and background music from the games you played as a child will never fade.  

About Castlevania 

Castlevania is an action-adventure game series, first released in 1986 as a Family Computer Disk System exclusive title. The unique world, beautiful visuals, and majestic background music have made the series popular around the world, and the latest title, ‘Castlevania: Grimoire of Souls’, is currently available on Apple Arcade. Additionally, all 4 seasons of the animation series ‘Castlevania’ are currently streaming on Netflix.  

Official Castlevania Portal: https://www.konami.com/games/castlevania/ 

About the Castlevania 35th Anniversary NFT

To celebrate the 35th anniversary of Castlevania, we have turned the most memorable game scenes, background music, and newly designed art into NFTs.  

The art was created by a KONAMI staff member who played the original Castlevania as a child 35 years ago and is a massive fan of the series. We have picked up the cuts and art our fans remember the most and immortalized them on the blockchain.  

NFT #1: Castlevania – Dracula’s Castle Pixel Art  

Shown above is the newly designed pixel art for the ‘KONAMI MEMORIAL NFT’. Based on the map of the Castle that appears in-game, corresponding stages and enemies have been placed to recreate the challenging journey in Castlevania.  

NFT #2: Castlevania – Highlights

For the production of this NFT, we gathered several KONAMI employees who played Castlevania in their childhood and recorded their gameplay.  

The filming took longer than expected, but we obtained a large amount of video material. And as we played, memories of challenging enemies and stages came back to life…  

This is a highlights movie focusing on the most impressive Castlevania scenes, with the great vampire hunter Simon Belmont’s adventure of conquering the Castle condensed into 3m 34sec.  

NFT #3: Castlevania – Vampire Killer 

The song ‘Vampire Killer’ is still remembered as a classic by fans of Castlevania. This NFT utilizes the background music and gameplay from Block 1 of Castlevania.  

First purchaser campaign 

Customers that purchase the NFT from the official ‘KONAMI MEMORIAL NFT’ account will be able to post their desired nickname on KONAMI’s official website (https://www.konami.com/games/memorialnft/). Please check the official website for details.  

About the drop  

  • There are 14 different types of art NFTs, and only one of each is available.  
  • The auction will be held on the below schedule;  

(US East) Jan.12 17:00 – Jan.14 21:00 EST
(US West) Jan.12 14:00 – Jan.14 18:00 PST
(UK) Jan.12 22:00 – Jan.15 02:00 GMT
(Japan) Jan.13 07:00 – Jan.15 11:00 JST
*Auction beginning times are approximate and may alter.



OpenSea site reliability: January 2022

I wanted to take a moment to address the site stability challenges that OpenSea has experienced over the last few months, including this morning’s downtime. I recognize that the impact of OpenSea downtime is significant for many of you who depend on our platform. We take accountability for the recent instabilities – and I wanted to personally apologize, explain, and outline our plans to prevent this from affecting you in the future. 

This morning, we experienced a sustained surge in API traffic that overloaded our systems and resulted in degraded performance and site outages. To address these issues throughout the day, we made changes to optimize our API access and scaled our search datastore to better manage the increased load.

Improving site reliability has been a priority for some time (in fact, it’s one of the focus areas I mentioned in our recent funding announcement). We were a team of just seven people at the start of 2021, and as NFTs took off last year, we had to scale fast. That kind of scale comes with growing pains, which many of you have experienced firsthand. Thank you for bearing with us. You deserve better, and we are up to the challenge. 

To that end, I want to share a few of our internal goals with you to be more transparent about what we’re doing to improve site reliability and support

  1. Expanding our engineering team to more than 200 people by the end of this year. In the last year, we’ve brought on incredible engineers – but we need significantly more to both improve our core architecture and ship the products and features needed to improve the consumer experience. To that end, we are hiring and would love your help with referrals.
  2. Rearchitecting for scale. Our platform team is actively executing on a plan to rearchitect core parts of our architecture to match current and future demand on our systems. I am personally overseeing this priority alongside our technical leadership team.
  3. Reducing our customer support times significantly. To make sure we’re responsive to community needs, especially around platform reliability, we’re building out a large team that is solely focused on reducing response times for your support questions. That includes an investment in hiring more than 60 individuals as of last week, and plans to double that team by the end of 2022 to meet increasing demand.

We’ve got a lot to build this year, but these are by far our most critical improvement areas. Consider this my commitment to you that we’ll improve quickly, and that site stability will remain the absolute top priority until we are performing at our best. We need to do better and we will.

Devin


Announcing OpenSea’s new funding

Investment will help improve customer and community experience 

In 2021, we saw the world awaken to the idea that NFTs represent the basic building blocks for brand new peer-to-peer economies. They give users greater freedom and ownership over digital goods, and allow developers to build powerful, interoperable applications that provide real economic value and utility to users. OpenSea’s vision is to become the core destination for these new open digital economies to thrive, building the world’s friendliest and most trusted NFT marketplace with the best selection.

To accelerate this vision, we have raised $300 million in Series C funding at a $13.3 billion post money valuation. Paradigm and Coatue led the round with participation from new and existing investors. We are excited to work with these incredible partners, thinkers and builders who collectively bring a depth of experience in Web3, NFTs, and best in class consumer experiences.

We have four goals for this funding: 1) accelerate product development, 2) significantly improve customer support and customer safety, 3) meaningfully invest in the wider NFT and Web3 community, and 4) grow our team.

Accelerating Product Development and User Experience

As we look to bring NFTs to a broad consumer audience this year, we’re excited to welcome Shiva Rajaraman as our new VP of Product. Shiva joins OpenSea from Meta, where he was the VP of Commerce. Before his time at Meta, he spent time at YouTube, Spotify, and WeWork. Shiva is passionate about building a new web that rewards creativity and participation with fewer gatekeepers, better privacy, and sustainable economics.

We’re focused on lowering the barriers to entry for NFTs by introducing features and simplified flows that abstract away the complexity of the blockchain. We’re also accelerating our multi-chain support and prioritizing improvements to help people discover, manage, and showcase their NFTs with better tools, analytics, and presentation.

Expanding our Trust, Safety and Reliability Efforts

We’re actively expanding our efforts across customer support, trust and safety, and site stability and integrity. This includes both product and technical investments to enable systems that protect and empower our users, as well as significant investments in in-person customer support operations. We’ve already scaled our customer support and trust and safety teams to more than 60 people, and expect to more than double that team by the end of this year.

Making Meaningful Community Investments

We are committed to expanding the entire NFT ecosystem. This quarter, we are launching a grant program to give us the opportunity to directly support the developers, builders, and creators shaping the future of the NFT space. Our ambition is to foster the scale and growth of the broader NFT ecosystem including raising the profile of emerging creators and investing in the people who shape the NFT space for the better today.

Growing our Team

We saw the NFT ecosystem explode last year, with OpenSea’s transaction volume increasing over 600x in 2021. But we’re just getting started – and we need to scale our team quickly! If you’re motivated to build the destination for new open digital economies, we are hiring across the board. We couldn’t be more excited about the journey ahead.