Imagine accidentally selling an NFT worth over $1 million for only $26. That is precisely what has happened to Timothy McKimmy, who owned Bored Ape #3475 from OpenSea’s Bored Ape Yacht Club NFT collection.
Because of this, he is now suing OpenSea—whose legal identity is Ozone Networks—claiming they knew of a glitch that made the sale possible. So what does this mean for NFT buyers and sellers? Let’s take a look.
We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of https://t.co/3qvMZjxmDB.
— OpenSea (@opensea) February 20, 2022
About the OpenSea Lawsuit
The claim being made by McKimmy is that OpenSea knew of a bug that allows people to purchase NFTs when they’re unlisted on their platform. De-listing an NFT from OpenSea’s platform with their “transfer” feature doesn’t necessarily remove listings on the blockchain’s back end, making it possible for hackers to purchase tokens for far less than their floor price.
Previous Victims
Others have fallen victim to this glitch already, and OpenSea has since added a feature that allows users to see their current listings, including those they may have believed were cancelled. From there, users can fully de-list their NFTs by paying Ethereum gas fees. However, those who have already fallen victim to the bug aren’t at all helped by this.
The Damages
McKimmy is demanding that OpenSea either return his Bored Ape NFT—which was shortly after resold for 99 ETH (about a quarter of a million dollars)—or pay him damages of over $1 million. He claims the Ape was worth $1.3 million, comparing it to one of lower rarity bought by Justin Bieber for a similar price.
Negligence Charges
McKimmy claims that OpenSea was negligent in that they knew about the vulnerabilities in their code but did nothing to fix it. Instead, they continued sales on their platform rather than pausing to rectify the problem despite knowing this.
Does McKimmy Have a Case?
The claims made do seem to have some weight. It’s true that OpenSea had been in communication with other victims of their platform’s exploit and had even made some settlements (though for less than the tokens in question may have been worth at the time), so it seems reasonable to believe that they were aware of the exploit and had done little to repair it.
On the other hand, OpenSea did recently add their “Listings” feature, allowing users to see their current listings, including those that they might have previously believed to have been de-listed. This may prevent future incidents but does not satisfy the damages against McKimmy and others in similar circumstances.
There seems to be a good chance that McKimmy’s negligence charges could secure a reward from OpenSea, even if his lawsuit, as it currently stands, has some errors (such as naming OpenSea as defendant instead of Ozone Networks, listing the incorrect address, etc.).
Lessons and Preventive Measures for NFT Holders
In terms of lessons that can be learned from this case, here are a few preventive measures NFT holders can put into place:
1. Know the Platform
It’s generally best to deal with platforms that already have a solid reputation in place. OpenSea has been at the center of multiple controversies in addition to this lawsuit, and that should be a warning to buyers to proceed with caution.
2. Keep an Eye on Listings
Just because you use a platform’s tool to de-list something doesn’t mean it’s completely gone. Rarible provides a tool where you can check on all current and previous listings, as does OpenSea with its new “Listings” tab, so it’s easy to keep an eye on what’s actually on the market. You may have to pay a fee to completely de-list your token, but that’s a small price compared to the value of a highly appreciated NFT.
3. Get Your Legal Stuff Right
The errors in McKimmy’s lawsuit may not altogether avert his efforts to recover damages, but they can still be an obstacle. Make sure you know which company you’re dealing with (not just the first name that pops up on their platform) and the jurisdiction in which they operate. Having some legal help on your side isn’t a bad idea either.
Lessons and Preventive Measures for NFT Sellers
There are some lessons to be gleaned for sellers as well. Even if you don’t lose a lawsuit, it’s still expensive to resolve it, making the following preventive measures invaluable.
1. Know Your Customer
While many value blockchain technology for its potential to protect anonymity, it’s still a good idea to know your customers. Doing so can help you avoid dealing with hackers and keep you more secure against liabilities that might result from exploits or illicit activity.
2. Review Your Code
To further shield yourself and your users against exploits, it can be worthwhile to review your code and platform activity every so often. Doing so can reveal potential bugs that could open you up to liability. If you find anything, correct it quickly. It may mean taking your system down, but expensive lawsuits can be far more costly.
3. Give Users Visibility
One of the issues with OpenSea appears to be the fact that users didn’t have much visibility over their listings. They used the platform’s “transfer” feature, believing that it would completely de-list their tokens when it, in fact, did not. If they had had more visibility, these errors might not have occurred (or at least wouldn’t have been OpenSea’s responsibility). As such, it’s worthwhile to implement functionality that gives your users plenty of visibility over their assets.
Update on our ecosystem phishing investigation: we’re looking into a few additional reports of signature phishing. Like last weekend's incidents, we believe these originated outside of OpenSea. 1/3
— OpenSea (@opensea) February 25, 2022
The Takeaway
It will be interesting to see what happens over the course of this lawsuit. The nature of blockchain technology and the various forces at work, in this case, could present some unique challenges when it comes to presenting the case to a jury, and the courtroom proceedings that follow could well shape the case law for future NFT-related suits. But, for now, it’s advisable to play things on the safe side.