Our Efforts to Prevent NFT Theft
Trust and safety issues – specifically scams and theft – are some of the biggest barriers to broader NFT adoption today. At OpenSea, we’ve invested significant time, resources and attention to help improve authenticity and address ecosystem-wide trust challenges – to ensure today’s users are safer, and that we’re building and supporting an ecosystem that is safe and welcoming for newcomers as well.
In addition to scaling our copymint detection and removal system (we are now able to remove copymints within seconds of minting!), and updating our account verification and collection badging process earlier this summer, we’ve turned our attention to what we see as one of the biggest challenges across the broader crypto ecosystem: theft.
Theft Prevention: Malicious URL Detection and Removal
A common type of NFT theft occurs when people sign a message after connecting their wallet to a malicious website that purports to deliver a free mint or some other (fake) benefit. While these malicious links exist primarily across the internet (including on Twitter, Discord, etc.), scammers also try to spread these URLs on OpenSea through fraudulent collection listings and unwanted NFT transfers.
As of last week, we’ve launched a new system that proactively scans URLs shared on OpenSea to determine whether they are malicious. First, our system checks URLs against a blocklist of known malicious sites. But since new scams often show up on OpenSea before they are known to be bad, we also simulate interactions and transactions with new URLs to identify malicious behaviors like signature farming and wallet draining. Scammers who attempt to spread detected malicious links will have their accounts banned, their collections delisted, and their transfer requests blocked when using OpenSea.
Theft Detection: Preventing Post-Theft Resales
While we expect our malicious URL detection and removal system to reduce the frequency of scams being propagated on OpenSea, theft may still occur in the broader ecosystem. Previously, when a user’s NFT was stolen, we relied heavily on the user to contact our support team to file a stolen item report. In many cases, this was enough to prevent the item from being re-sold using OpenSea; but unfortunately, there have also been cases where the thief had already resold the stolen item to an unsuspecting buyer before we could disable resales.
Today, we’re beginning to test a new system intended to detect NFT theft in real time, and to prevent further resales of suspected stolen items using OpenSea. We’re starting with a limited pilot phase, and we will train the system to more effectively detect theft over the next few months.
Now, when our system flags a potential theft or suspicious transfer, we automatically mark the item as “under review” with a yellow warning icon, disable resales of the item using OpenSea, and alert the previous owner of the item over email. Those users can follow up with us to confirm whether or not their NFT was, in fact, stolen (and provide a police report to keep it disabled on OpenSea indefinitely), or let us know that the transfer was legitimate. In those instances, we will unfreeze resales of the item. If we don’t receive a response from the affected user, we will re-enable resales after 7 days. If you see this yellow “under review” module on an item you own, please don’t hesitate to reach out at any time as well.
Ultimately, the goal of this work is to help make the ecosystem safer by reducing the downstream sales of stolen items – both using OpenSea and elsewhere in the NFT ecosystem – and thus reduce the incentive for NFT theft in the first place.
While these two steps represent a new front in the fight against theft on OpenSea, we know that this problem requires ecosystem-level solutions. That’s why we’re working closely with other marketplaces, wallet providers, analytics organizations, and others, to develop holistic scam detection and prevention systems. We look forward to sharing more on this front soon!