Recent Security Issues on OpenSea indicate Need for Change

Recent acts of cybercrime on the OpenSea marketplace and Solana blockchain are strengthening the argument that users are at greater risk than they may know, and that the current non-fungible token (NFT) landscape could do better with a security-oriented NFT platform. 

What’s Happening

Cryptocurrency related crime reached a new all-time high in 2021, with illicit addresses receiving over $14 billion during 2021, up nearly 100% from $7.8 billion in 2020, according to the Chainalysis 2022 Crypto Crime Report issued Feb. 2022.

Source: Chainalysis

Although the number and volume of transactions involving illicit addresses represented just 0.15% of cryptocurrency transaction volume in 2021, $14 billion still represents a significant amount of money, most likely originating from crypto users that earn an average of $20 thousand a year (Source: Binance Global Index Report).

According to the ongoing media coverage in 2022 about recent cyberattacks and crypto-cimes, hackers are focusing on NFT markets, which appear to be “softer targets” than centralized (CEX) and decentralized (DEX) exchanges. Based on the coverage so far this year, several NFT marketplaces have lighter security, more exploitable vulnerabilities, and higher risks to users. NFT marketplaces – such as Opensea – have experienced so many hacks and scams, that Opensea is facing its first lawsuit by a user who suffered more than $1 million in losses. This first OpenSea liability case is unlikely to be its last. 

NFTs & Cybercrime

The NFT Market erupted in 2021, and some may speculate that it played the main role in reinvigorating the entire crypto market throughout the year – as BTC, ETH and many other altcoins achieved all-time highs multiple times. However, such success attracted scams, hacks, and ponzi schemes which had a record-setting year as well.

To get a better picture, about $45 billion worth of cryptocurrency was sent from ERC-721 and ERC-1155 contracts — the two types of Ethereum smart contracts associated with NFT marketplaces and collections. 

That is a whopping 424x, or 42,452%, increase from the $106 million registered in 2020.

Unfortunately, significant growth always draws significant interest from bad actors. As the NFT market becomes bigger, more widely adopted, and more profitable – the risk potential increases accordingly.

Source: Chainalysis

The OpenSea Dilemma

Numerous media outlets (Bloomberg, CNBC, Vice, Bitcoin.Com, The Fashion Law) have been generating story-after-story about the recent cyber-attacks on OpenSea, the world’s largest NFT marketplace.

According to a report by Web3isDoingGreat, 17 OpenSea users had their NFTs stolen and flipped for a total of $3 million by a phishing scam. The actual number may be as high as 32, according to Business Standard.

Another example, where various OpenSea users began noticing that some of their NFTs were missing from their wallets, specifically Bored Ape Yacht Club and Mutant Ape Yacht Club. Several Twitter influencers, or crypto specific profiles, started sounding the alarm.

tweeter image of opensea security exploit

Devin Finzer, co-founder and CEO of OpenSea, went to Twitter to say that the site was fine, and that “as far as we can tell” those affected were the victims of a “phishing attack.”

However, some users responded by demanding more clarity and accountability from OpenSea after highlighting what happened to them and identifying common points of failure that contributed to the losses that other Opensea users experienced.

tweet image about opensea hack

As mentioned earlier, Opensea user Timothy McKimmy, the former owner of Bored Ape #3475 – which McKimmy purchased in Dec. 2021 for 55 ETH ~ $232,000 – sued OpenSea. In a lawsuit McKimmy v. OpenSea, the plaintiff alleged that on Feb. 7, a “security vulnerability allowed an outside party to illegally enter through OpenSea’s code and access Plaintiff’s NFT wallet, in order to list and sell McKimmy’s Bored Ape at a literal fraction of the value.”

McKimmy isn’t the only one who has lost faith in OpenSea safety, transparency, and user-centricity. Apparently, some of the users are smarter than some of the developers, and they managed to prove their point – those savvy users posted via Twitter a clear flaw in OpenSea’s code that allows illicit actors to breach and steal people’s assets.

twitter image about opensea hack

Let’s be clear, OpenSea is not the only ecosystem with flaws that cybercriminals are targeting. Last month, Crypto giant Solana experienced what CNBC called the “second-biggest exploit ever” in DeFi history, which caused SOL’s price to lose over 10% of its value in less than 24 hours. Although no further details have been provided, according to Forbes and ETF Trends, the bridge that links the Ethereum and Solana blockchains (“Wormhole”), lost over $320 million.

According to CertiK co-founder Ronghui Gu, “this attack is sounding the alarms of growing concern around security on the blockchain.” And rightfully so, after so many instances of security breaches, protocol hacks and scams, the trust in blockchain technology, crypto, DeFi or NFTs has decreased.

Such security issues certainly demand much more attention than initially thought, as they are affecting the credibility and support for the underlying technology. After all, the cornerstone attributes of a cryptocurrency-based financial system would be security, scalability and decentralization. 

Therefore, it is clear that as far as the NFT and DeFi space is concerned, a much safer alternative to OpenSea, and the Ethereum blockchain overall, would be more than welcome in order to rejuvenate the trust and excitement in the NFT market, by providing the ultimate security solutions to the current problem.

How Energi Will Fix This?
Energi Defense branch - Energi Bureau of Investigations (EBI) graphic

To address this big gap in the market, Energi aims at expanding its safety benefits and utility into the NFT landscape by creating a platform where users can mint and trade NFTs with low fees, high speeds and most of all, the highest level of security in the crypto world. 

Energi Defense and its investigative arm, Energi Bureau of Investigations (EBI), serve to protect the Crypto and NFT community from hackers, scammers, and other bad actors in the space. So far, the EBI have solved over 100 security related cases, and have recovered over $1.1 Million that have been stolen from the users.

Energi also deploys resources to educate community members to adopt better cybersecurity awareness, as well as encouraging, and rewarding, users to report any form of cyber criminal activities to our EBI team.

Apart from the security branch, there is also the Customer Support department that operates 24/7/365 to provide live assistance to users and address safety concerns.

With an upcoming NFT Marketplace, introduced through the launch of Energi NFT Collections, Energi will provide an ecosystem that has solid security and low-risk transactions, by tackling limitations that current protocols cannot successfully address.

For more information about the upcoming Energi NFT Collections & Marketplace, join our Discord Community and take part in the Whitelist Contest to win a chance to own an Energi NFT.

Sign up to our Newsletter

Be sure to follow us on Twitter and Telegram for the latest Energi News, and join our vibrant Discord channels to connect with others, learn more about the world of Crypto & NFTs and be part of the Energi Community.

Join our Newsletter to stay in touch with the latest Energi News

We use cookies to ensure you get the best experience on our website. Learn more about the data we collect on our Privacy Policy page.