OpenSea Auto detects and blocks stolen NFTs, disables fraudulent links

Theft has become a major problem in NFT space, especially with so-called “wallet drainer” exploits ripping off millions of dollars worth of value from unsuspecting collectors – and there is no way to reverse these transactions on the blockchain.

When stolen assets are then resold to unsuspecting buyers, which only complicates matters further.

But Web3 developers are working to try to minimize the opportunity for crypto fraudsters to steal and then profit from NFT sales, with top marketplace Open sea which aims to lead the charge.

Today, the firm revealed a pair of new features designed to both protect users on the platform from inadvertently engaging in fraud and prevent thieves from quickly turning over stolen assets.

One solution is aimed at preventing malicious links from appearing on OpenSea’s own platform, either through a project’s description or website icon. The tool automatically scans all links that users entered into the market and disables any that point to known scams, or that redirect clickers to sites with malicious code that can swipe NFTs from someone’s wallet.

On the one hand, the tool relies on an expanding blocklist that tracks identified exploits. But it also goes one step further by simulating transactions through any wallet connection messages on the linked site, potentially leading OpenSea’s system into previously unidentified threats.

If a real user interacted with a smart contract— that is, automated code that drives NFTs and decentralized apps (dapps) – for example, what would happen if they sign a transaction? OpenSea hunts for any contract features or behavior that might suggest an attempt to steal assets from users.

“That’s the kind of thing we’re looking for in that simulation,” Anne Fauvre-Willis, OpenSea’s VP of Operations, Marketplace and Integrity, told Decrypt. “Is this asking for something that is unreasonable to ask from a third party site?”

If so, OpenSea will disable the link and take action against users who have shared such links – including banning accounts, removing created NFT projects and rejecting asset transfer requests.

Detects theft on OpenSea

OpenSea’s other new theft prevention measures look beyond the marketplace’s own boundaries to try to minimize the fallout after an NFT is successfully stolen. It is a tool that automatically examines NFT transfers to identify those that may have been swiped through exploits and temporarily blocks these NFTs from being resold on OpenSea.

Previously, when an NFT was stolen, OpenSea relied heavily on the owner reporting it as such, as the marketplace would flag it as such and block resale. By that time, however, a high-value or “blue chip” NFT had often already been sold to an unwitting buyer, and then the were stuck with an asset that they could not move via the platform.

This understandably caused problems with some collectors, particularly those who claimed that the system could be manipulated, or that OpenSea was slow to respond to requests. The the marketplace made changes trying to improve on that model, including requiring a police report to claim an NFT is stolen – but the new, automated system is trying to take action much more quickly.

Fauvre-Willis said the real-time system — which is under testing and initially being rolled out through a limited pilot program — relies on both “a variety of industry data sources” and the types of steps taken when the item is transferred between wallets. Furthermore, it considers other actions performed by the wallet around the same time that may indicate malicious activity.

For any traders who worry about an NFT being flagged when legally transferring a newly purchased asset from one wallet to another, Fauvre-Willis said OpenSea is thinking about that, too. It hopes to keep the number of mislabeled assets as low as possible.

“We’re very focused on precision in this drawer rather than breadth,” she explained, saying the automated system will be gradually trained over the next few months before being rolled out to all users. “We’re trying to be very careful here to balance that, and make sure that the false positive rate is very low when we do this,” she added.

When an NFT is flagged as potentially stolen, it will be frozen on OpenSea, meaning it cannot be resold there. OpenSea will also email the previous owner of the item to check if it was stolen. The NFT will be frozen on OpenSea if the previous owner says it was legally transferred, or if seven days go by without a response.

However, just because OpenSea flags an NFT on the platform does not mean that the blockchain asset is frozen everywhere: the current holder can always sell it on another marketplace that does not have such restrictions.

That said, Fauvre-Willis hopes to share OpenSea’s findings with other platforms in the future as the technology matures, potentially leading to similar anti-theft implementations elsewhere.

Step forward

Open sea embarrassed by its previously stolen NFT policies, especially as buyers who unwittingly bought a swiped NFT had to deal with the hassle of having it frozen on the platform. An automated system may add some curveballs to the mix while it’s being tested, but OpenSea’s hope is that it will ultimately result in fewer such sales of stolen NFTs.

The $13.3 billion startup makes other notable efforts to thwart thieves and prevent the sale of counterfeit NFTs. OpenSea works with the manufacturers of wallets such as MetaMask and Coinbase Wallet to share information and best practices to combat fraud, plus the copymint system has been upgraded to detect and clean copycat NFTs within seconds of embossing.

Fauvre-Willis admitted that “things around trust and security are never over,” and there will surely be a constant need for development and new solutions as crypto fraudsters employ new and increasingly sophisticated exploits. But these are still steps toward a more secure and reliable Web3 user experience, she suggested.

“We may feel different from other marketplaces. It’s important that we follow the law, and it’s important that we make this space safer overall,” Fauvre-Willis said. “Long term, I honestly think we can’t expect the space to grow and expand its use if we don’t make these investments.”