Imagine accidentally selling an NFT worth over $1 million for only $26. That is precisely what happened to Timothy McKimmy, who owned Bored Ape #3475 from OpenSea’s Bored Ape Yacht Club NFT collection.

 

Because of this, he is now suing OpenSea—whose legal identity is Ozone Networks—claiming they knew of a glitch that made the sale possible. So what does this mean for NFT buyers and sellers? Let’s take a look.

 

About the OpenSea Lawsuit

 

McKimmy claims that OpenSea knew of a bug that lets people purchase NFTs that appear unlisted on its platform. De-listing an NFT with OpenSea’s “transfer” feature doesn’t necessarily remove the listing on the blockchain’s back end, making it possible for hackers to purchase tokens for far less than their floor price.

 

Previous Victims

Others have fallen victim to this glitch already, and OpenSea has since added a feature that allows users to see their current listings, including those they may have believed were cancelled. From there, users can fully de-list their NFTs by paying Ethereum gas fees. However, those who have already fallen victim to the bug aren’t at all helped by this.
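
The listing audit described above can be sketched in code. This is an added example, not OpenSea's code: it is a simplified model that assumes a listing stays valid until it is cancelled on-chain or expires, and that it can only be filled while its maker holds the token. All wallets, order ids and prices are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Listing:
    order_id: str
    token_id: int
    maker: str        # wallet that created the listing
    price_eth: float
    expires_at: int   # unix time

class Market:
    """Simplified model: a listing is fillable until cancelled or expired."""
    def __init__(self):
        self.owner = {}         # token_id -> current holder
        self.listings = []      # every listing ever created
        self.cancelled = set()  # order_ids cancelled on-chain (costs gas)

    def transfer(self, token_id, to):
        # A transfer only changes the holder; it cancels nothing.
        self.owner[token_id] = to

    def is_fillable(self, lst, now):
        return (lst.order_id not in self.cancelled
                and now < lst.expires_at
                and self.owner.get(lst.token_id) == lst.maker)

def audit(market, wallet, floor_eth, now):
    """Order ids listed by `wallet` that are still fillable below the floor."""
    return [l.order_id for l in market.listings
            if l.maker == wallet and l.price_eth < floor_eth
            and market.is_fillable(l, now)]

def demo():
    # All wallets, ids, prices and times below are constructed sample values.
    m, now = Market(), 1_000
    m.owner[1] = "0xOWNER"
    m.listings.append(Listing("order-A", 1, "0xOWNER", 0.01, now + 10_000))
    m.transfer(1, "0xCOLD")            # "de-list" by moving the token away
    away = audit(m, "0xOWNER", 50.0, now)
    m.transfer(1, "0xOWNER")           # token comes back to the maker
    back = audit(m, "0xOWNER", 50.0, now)
    m.cancelled.add("order-A")         # explicit on-chain cancellation
    fixed = audit(m, "0xOWNER", 50.0, now)
    return away, back, fixed

if __name__ == "__main__":
    print(demo())
```

In this model the audit is empty while the token sits in another wallet, flags the old listing once the token returns, and is empty again only after the on-chain cancellation.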

 

The Damages

McKimmy is demanding that OpenSea either return his Bored Ape NFT—which was resold shortly afterward for 99 ETH (about a quarter of a million dollars)—or pay him damages of over $1 million. He claims the Ape was worth $1.3 million, comparing it to one of lower rarity bought by Justin Bieber for a similar price.

 

Negligence Charges

McKimmy claims that OpenSea was negligent in that they knew about the vulnerabilities in their code but did nothing to fix them. Instead of pausing to rectify the problem, they continued sales on their platform.

 

 

Does McKimmy Have a Case?

 

The claims made do seem to have some weight. It’s true that OpenSea had been in communication with other victims of their platform’s exploit and had even made some settlements (though for less than the tokens in question may have been worth at the time), so it seems reasonable to believe that they were aware of the exploit and had done little to repair it.

 

On the other hand, OpenSea did recently add their “Listings” feature, allowing users to see their current listings, including those that they might have previously believed to have been de-listed. This may prevent future incidents but does not satisfy the damages against McKimmy and others in similar circumstances.

 

There seems to be a good chance that McKimmy’s negligence charges could secure an award from OpenSea, even if his lawsuit, as it currently stands, has some errors (such as naming OpenSea as defendant instead of Ozone Networks, listing the incorrect address, etc.).

 

 

Lessons and Preventive Measures for NFT Holders

In terms of lessons that can be learned from this case, here are a few preventive measures NFT holders can put into place:

 

1. Know the Platform

It’s generally best to deal with platforms that already have a solid reputation in place. OpenSea has been at the center of multiple controversies in addition to this lawsuit, and that should be a warning to buyers to proceed with caution.

 

2. Keep an Eye on Listings

Just because you use a platform’s tool to de-list something doesn’t mean it’s completely gone. Rarible provides a tool where you can check on all current and previous listings, as does OpenSea with its new “Listings” tab, so it’s easy to keep an eye on what’s actually on the market. You may have to pay a fee to completely de-list your token, but that’s a small price compared to the value of a highly appreciated NFT.

 

3. Get Your Legal Stuff Right

The errors in McKimmy’s lawsuit may not altogether derail his efforts to recover damages, but they can still be an obstacle. Make sure you know which company you’re dealing with (not just the first name that pops up on their platform) and the jurisdiction in which they operate. Having some legal help on your side isn’t a bad idea either.

 

 

Lessons and Preventive Measures for NFT Sellers

 

There are some lessons to be gleaned for sellers as well. Even if you don’t lose a lawsuit, it’s still expensive to resolve it, making the following preventive measures invaluable.

 

1. Know Your Customer

While many value blockchain technology for its potential to protect anonymity, it’s still a good idea to know your customers. Doing so can help you avoid dealing with hackers and keep you more secure against liabilities that might result from exploits or illicit activity.

 

2. Review Your Code

To further shield yourself and your users against exploits, it can be worthwhile to review your code and platform activity every so often. Doing so can reveal potential bugs that could open you up to liability. If you find anything, correct it quickly. It may mean taking your system down, but expensive lawsuits can be far more costly.

 

3. Give Users Visibility

One of the issues with OpenSea appears to be the fact that users didn’t have much visibility over their listings. They used the platform’s “transfer” feature, believing that it would completely de-list their tokens when it, in fact, did not. If they had had more visibility, these errors might not have occurred (or at least wouldn’t have been OpenSea’s responsibility). As such, it’s worthwhile to implement functionality that gives your users plenty of visibility over their assets.

 

The Takeaway

 

It will be interesting to see what happens over the course of this lawsuit. The nature of blockchain technology and the various forces at work in this case could present some unique challenges when it comes to presenting the case to a jury, and the courtroom proceedings that follow could well shape the case law for future NFT-related suits. But, for now, it’s advisable to play things on the safe side.


David Cash: Welcome, everybody. This is NFTS.WTF. My name is David Cash, I’m the editor in chief, and I am here with the one and only Dan Carr, creator of NiftyKit. Dan, would you like to introduce yourself and, for anybody living under a rock, what is NiftyKit?

 

Dan: Thank you for having me. I’m Dan, and I am the co-founder and CEO of NiftyKit. It’s a subscription-based app that allows you to create smart contracts and NFTs, and sell them on your marketplace. We are heavily focused on creators, so we wanted to provide a tool that makes it easy for people to get in and not be super frustrated with all of the unknowns in there. So we want to help you go from zero to one and get your smart contract and NFTs out there so that your fans can start collecting.

 

Cash: Awesome, a very noble cause. We need more people like you. I think a lot of artists lately have had growing pains. Our audience members are people who have been in the space a little while, be that five months or five years, encompassing a whole range of experiences. And I think almost everybody who is reading this right now has tried to mint something on OpenSea or another platform that has given them a less than ideal result, to put that very nicely. Or have had a situation where they’ve minted NFTs, and a collector would have liked something different in their smart contract, something not so generic. Then on the other side of things, you also have people paying thousands of dollars for front-end and back-end devs to develop something custom, even when what they’re working on doesn’t require such a custom solution.

 

So I love your solution, and I think it exists somewhere in that nice sweet spot in the middle of those two places. So from a Degen perspective or an insider community perspective, why would you recommend somebody choose NiftyKit over hiring devs as a turnkey solution?

 

Dan: So we focus mainly on two things: saving time and money. The space is moving super fast, and if time equals money, we want to be the shortcut to get your project launched. There are tons of ideas, and sadly, some of these great ideas never see the light of day because the project owners get stuck overthinking things. I’ve been in Clubhouse rooms where people are looking to get into the space and are being recommended to pick up Solidity… Like, “Hey, it’s fine if you had a MySpace or you’ve done some HTML before, then you should be able to pick it up.” It shouldn’t be like that… So we created this service to be able to help you channel all the energy in those ideas and make minting and smart contract creation really the least of your problems. If you get stuck and hung up on all that technical stuff under the hood, you’re taking away from what you’re going to need to market your product and get it out there. So we want to just [be a] shortcut for people.

 

In addition to the time, there’s saving money on devs, like you were alluding to. Why would you want to go out and hire devs? I think you would not want to use NiftyKit if you need something more custom. There are a lot more projects coming out with generative aspects that need a little bit more utility baked in. But what NiftyKit does is provide that base layer of NFT support to give you your smart contract. And it’s an ERC-721 smart contract that’s interoperable with Rarible and OpenSea. So we wanted to give you something that gives you the flexibility on creating NFTs and selling them in different ways. Whether you’re listing them on your storefront on NiftyKit, or you’re taking them over to Rarible and OpenSea, listing them there as well. Or we even have people who just do private sales outside of any of these platforms and just transfer it if you trust people that much. So we wanted to just get you past this part zero to one, all in the same day without having to spend weeks trying to figure out what one does with a smart contract.

 

Cash: For anybody who’s reading this, we have a very special offer. If you’ve made it this far, you’ll be one of the first to hear about it, but I’m sure we’re also going to be posting this on their social media. Dan, would you like to tell the folks reading about your very generous offer?

 

Dan: We want to offer a free Ethereum mainnet smart contract and 10 NFTs for someone to do their next drop, free of charge, gas on us. So yeah, definitely stay tuned. We want to give that away to just show our appreciation and thanks for everyone supporting us, and there will definitely be plenty more fun giveaways and things that we’ll be doing, so we just wanted to kick it off and offer that to you guys.

 

Cash: Guys, that is a crazy deal; you are too kind. Everybody, that’s a $250 USD value: smart contract plus 10 NFT mints, gas included. That’s insane, and you guys know what gas is like right now, so that’s a big offer. Dan, thank you so much. I appreciate you all taking the time to read to the end!

So how can you go about winning this? You’ll need to follow us on Twitter, follow NiftyKit on Twitter, quote-retweet our pinned tweet, tag three friends, and subscribe to our newsletter. After the response to our Fluf giveaway, we thought that it was time to come back with yet another. And since gas fees have been so fickle lately, we hope one lucky community member appreciates ten free mints and a free custom smart contract, courtesy of NiftyKit.


The heist of the Chiptopunks began with one of the most anticipated generative art drops in recent memory. Last Friday afternoon, Chiptopunks was poised to reveal their remarkably unique 3D animated NFTs for a frantic fanbase of anxious collectors.

 

On its official site, the countdown clock to start minting Chiptopunks expired without incident. That’s when chaos erupted, and within that very minute, an angry mob of crypto town-criers descended upon the Discord group. With their tiki torches ablaze and their knives out, they stormed the ChiptoStage, hurling insults and accusations at a pair of disoriented developers.

 

Even accidents can become art on the blockchain. The Chiptopunks Discord prophesied controversy before the drop ever happened. Unlike most generative art projects touting 10,000 collectibles, only 512 Chiptopunks NFTs were minted, with at least 8 Chiptopunks spoken for before the drop went live. Bored Apes and Cryptopunks accounts were tweeting about the Chiptopunks at least a week beforehand, while the Chiptopunks Discord grew 4x more members than the number of NFTs minted. This didn’t discourage countless collectors who were ready to chip in, knowing they had little or no chance of getting one. Everyone in the drop party was ready and waiting to rush the secondary market before the floor rose too high.

 

“How many people are pissed when they’re standing outside a Supreme store waiting for a t-shirt drop?” LordNefty ranted. “It doesn’t matter if it’s an inside job—it’s not, and I know that for a fact,” he emphasized. Although LordNefty claims to have exploited a weakness in the Solidity contract and absconded with 150 Chiptopunks by “accident,” proof he owns the transacting wallet has yet to be provided.

 

So what really happened? How is it that so few collectors managed to secure a Chiptopunk? And how did a single wallet bag 150 NFTs when each transaction was limited to a maximum of 3 mints?

 

 

 

“I can say without a doubt they made an error in their code,” says Ryan Satterfield, owner of Planet Zuda, a cyber-security company specializing in information security and hacking the internet of things (IoT). “I would love to applaud them on the work they put into security, but, in this space, every character matters,” Satterfield emphasized. “I would not make such a statement without having fully reviewed their contract that’s publicly available.”

 

A Solidity contract is a collection of code (its functions) and data (its state) that resides at a specific address on the Ethereum blockchain. You can think of it as slots in a database that can be queried and altered by calling functions of the code that manages the database. “Solidity looks deceptively simple, but it’s much, much harder than it looks,” says Dimitrios Kouzis-Loukas, Fintech Senior Engineer/Architect at Bloomberg LP. Kouzis-Loukas is responsible for leading teams of engineers that develop tools and infrastructure to ensure that Bloomberg’s systems are up and stable. “Don’t get me wrong,” he continued. “People do an excellent job, but still. Smart contracts and Solidity are so new, and people are still trying to figure them out.”

 

 

“The NFT contract for Chiptopunks was published 6 hours before the drop, and someone was able to write a custom contract,” says 0xFloop. “The way the Ethereum blockchain works is when you’re calling internal functions from a contract, you don’t have to wait for each one to go through. Someone did 33 buys of 3 each, and that goes through in one transaction. That’s what knowing how to code and actually understanding Solidity allows you to do.”
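
The gap between a per-call limit and a per-wallet limit can be modelled in a few lines. This is an added example, not the Chiptopunks contract or anyone's code from the article: it is a Python model of a hypothetical mint function, and the wallet cap, the caller check and the addresses are assumptions.

```python
MAX_SUPPLY = 512      # collection size stated in the article
MAX_PER_CALL = 3      # mint limit stated in the article
MAX_PER_WALLET = 3    # assumed cumulative cap for the hardened variant

class MintError(Exception):
    pass

class Drop:
    def __init__(self, hardened):
        self.hardened = hardened
        self.minted = 0
        self.by_wallet = {}

    def mint(self, sender, origin, amount):
        """sender: immediate caller; origin: wallet that signed the tx."""
        if not 0 < amount <= MAX_PER_CALL:
            raise MintError("per-call limit")
        if self.minted + amount > MAX_SUPPLY:
            raise MintError("sold out")
        held = self.by_wallet.get(sender, 0)
        if self.hardened:
            if sender != origin:
                raise MintError("caller is a contract")
            if held + amount > MAX_PER_WALLET:
                raise MintError("per-wallet limit")
        self.minted += amount
        self.by_wallet[sender] = held + amount

def run_transaction(drop, origin, calls):
    """Apply all calls atomically; any failure reverts the whole transaction."""
    snapshot = (drop.minted, dict(drop.by_wallet))
    try:
        for sender, amount in calls:
            drop.mint(sender, origin, amount)
        return True
    except MintError:
        drop.minted, drop.by_wallet = snapshot
        return False

def batched_total(hardened):
    # Scenario from the quote: 33 calls of 3 relayed by one contract in one tx.
    drop = Drop(hardened)
    run_transaction(drop, "0xBUYER", [("0xBATCH", 3)] * 33)
    return drop.minted

def direct_mints(hardened):
    # One wallet calling directly: a mint of 3, then a second mint of 1.
    drop = Drop(hardened)
    first = run_transaction(drop, "0xBUYER", [("0xBUYER", 3)])
    second = run_transaction(drop, "0xBUYER", [("0xBUYER", 1)])
    return first, second, drop.minted

if __name__ == "__main__":
    print(batched_total(False), batched_total(True), direct_mints(True))
```

With only the per-call check, the batched transaction mints 99 tokens; with the caller check and cumulative cap it reverts and mints none, while a direct mint of 3 still succeeds.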

 

“The contract is vanilla,” claims LordNefty. “They copied and pasted their contract, and filled in the blanks,” he asserts. “This project has been on my radar for some time, knowing I was going to use the contract to buy more than 3,” he claims. Even so, there’s no proof that LordNefty actually did the ‘bundling’. “One by one, I’m going to send them to the burn wallet,” he said.

 

Burning them all doesn’t affect the current market as it exists; there would be no market dump or supply-side disruption. It was suggested that LordNefty raffle them all at a set price. He could also make a contract that allows a re-drop of 150 NFTs and set the mid-price like an auction, but that could result in thousands of people attempting to buy 150 NFTs, with no guarantee the same thing wouldn’t happen again. However, it has yet to be verified that LordNefty is in fact the owner of 150 Chiptopunks, so all of this may still be speculative by the time this article is published.

“GaperArt could potentially use the Ethereum self-destruct function to dynamically update the code, or use it to make the current contract non-operable in the future while transferring everything to another contract,” Satterfield suggests. “The opcode SelfDestruct can be used to update contracts already on the blockchain or redirect the contract to a new contract. However, SelfDestruct in itself is also dangerous to most contracts on the blockchain because anyone can update or delete the code of any project if it isn’t protected against SelfDestruct.” This is because the opcode doesn’t require consent to be used against a contract. However, you can use SelfDestruct to update contracts and patch them against being exploited by SelfDestruct, as long as that function hasn’t been removed from the Ethereum version you’re using. Vitalik Buterin, the Russian-Canadian programmer and co-founder of Ethereum, wants to remove this opcode.

 

 

“I’m an artist at heart,” Cam Taylor professed. “Gaper.eth wrote the code. Our intention was to provide something unique and special, something different from a lot of the stuff that’s out there right now and we’re fucking bummed,” he apologizes. “We didn’t want it to go this way. All the comments saying we know it’s a scam like we’re in on it couldn’t be further from the truth. We care deeply about this project. Honestly, I just wanted to create the most badass fucking 3D punk heads possible for y’all, and we’re fucking pissed that this happened,” Taylor said.

 

“This is not how we intended the drop to go,” says gaper.eth. “All we wanted was to build community and to have a solid drop. We had no intention of one whale buying 150 of the supply.” 

 

“This isn’t even how you build community, though,” ab7#5635 lamented on Discord. “Building a community would start at a really low price to give people the opportunity to get into your project. The art is really fucking good. Chances are they’re gonna hold. It really sucks there’s a lot of people that were priced out, to begin with,” she regrets. 

 

Adding insult to injury, OpenSea initially verified the wrong contract, leading some collectors, including myself, to purchase illegitimate NFTs. One such collector purchased at least 5 of them. So when you search for Chiptopunks NFT on OpenSea, be sure it’s the collection with 512 items. Some of them are available on the secondary market, and despite everything that went wrong, there’s always an upside.

 

“We haven’t settled on the exact percentage or amount yet, but we are going to take a portion of the profits, and we are going to be purchasing iPads with Procreate, or possibly laptops. We’re giving them to underprivileged children who would like to be able to make art,” Taylor promised. “We’re gonna figure out the right organization to work with, and we want to make it transparent to show that we believe in art and technology. We want to give back in some way.”
