Hiding Suspicious NFT Transfers on OpenSea

In a recent blog post, Devin outlined the many efforts we’ve made – and are making – to address core Trust and Safety issues on OpenSea. A key priority of this work is to reduce the threat of theft and scams. Today we’re taking another step in this area, with the launch of a new feature that automatically hides suspicious NFT transfers from view on OpenSea.

Blockchains like Ethereum are open and flexible systems that have catalyzed new products, applications, and features we love. However, with this openness, blockchains can also enable activity that isn’t welcome. One particular ecosystem-wide issue involves unexpected NFT transfers from someone you don’t know. This is similar to email: anyone can send you an email, including scammers.

We’ve seen scammers use these NFT transfers to entice a recipient to view an NFT listing that contains links to malicious third-party websites. Curious collectors will then visit and interact with those websites, which can sometimes lead to phishing and result in the theft of NFTs from the collector’s wallet. It’s important here to note that we have not seen any instance where simply receiving a transferred NFT  – without additional user actions (e.g. navigating to a malicious third-party website or providing a signature) – causes malicious activity. 

Though unwanted NFT transfers will always exist across the ecosystem on public blockchains, we want to hide them from view on OpenSea. Today, we’re launching three updates to protect the community from these transfers:

  1. Some transfers will now go to the Hidden folder, automatically. This move will significantly reduce this scam vector. But sometimes, like email spam, we will get it wrong and some legitimate transfers will be hidden automatically too.
Finding the Hidden folder from your profile
  1. OpenSea will periodically notify you when you receive a transfer that we hide. This notification will show up via a banner on the Collected tab. If you were expecting a transfer and don’t see it on your profile, the banner will direct you to the Hidden tab, where you can unhide the transferred NFT. After the first “hidden transfer,” we’ll periodically remind you about the Hidden tab when you receive a hidden transfer.

Banner on the Collected tab indicating a hidden transfer.
Unhiding an NFT in the Hidden folder
  1. The Hidden folder now has new filter options: “Hidden by you” and “Auto-hidden.” By default, we show all hidden items, but users can easily filter to one or the other as needed.
New filters on the Hidden tab

The Rollout

These changes have started rolling out to all users. Over the next few weeks and months we will continue to train our detection logic. During this time, we may accidentally auto-hide legitimate transfers. If that happens to you, please know that we’re working to evolve our algorithms, and it’s safe to unhide transfers you were expecting.

Many of these changes are subtle updates to how OpenSea displays blockchain events. So if you see something unexpected (like an expected transfer that doesn’t show up in the Collected folder or the Hidden folder), please reach out to our support team for help at support.opensea.io.

Ultimately, an ecosystem-wide effort is required to defeat scam and theft techniques. While we work with partners to achieve that larger goal, we hope that today’s change has a positive impact on the issue of theft in the web3 community. It is the first step of many we plan to take over the next few months. As always, we appreciate the community’s feedback on these changes.