“I have been hacked. All my apes gone. This just sold please help me,” wrote Todd Kramer, of New York’s Ross + Kramer Gallery, in a since-deleted tweet.
The blockchain's seemingly safe and secure nature was suddenly put into the spotlight. There have been similar cases before, but none with this sheer volume and value of stolen NFTs.
OpenSea, arguably the most trustworthy marketplace on the blockchain that hosts digital assets, is at the forefront of this issue. Like most decentralized marketplaces, OpenSea runs on the Ethereum blockchain and hosts digital assets (i.e., collectibles, digital files, and game items) through smart contracts.
The buying and selling of items on OpenSea goes through smart contracts, which promise privacy, security, and transparency.
Vulnerability of Hot Wallets
Kramer's NFTs were stored on a hot wallet, a less secure option where private keys are stored on a device with an active internet connection. He recalled how he was duped by a phishing site that mimicked a real decentralized app.
There's no shortage of concerns about the vulnerability of hot wallets in crypto. The fact that the asset is stored in a wallet connected to the internet means that it has an increased chance of being compromised.
OpenSea and all other marketplaces are taking precautions, but it'll be quite challenging for them to keep NFTs offline unless they're stored in cold wallets. There are just too many variables involved with exchanges and transactions, which can technically expose hot wallets to prying eyes.
When OpenSea did respond to the theft, it raised many eyebrows. The platform decided to freeze all accounts related to the transaction involving Kramer's account. It flagged the NFTs as suspicious activity, causing quite a bit of hostility among users affected by the sudden change in policy.
OpenSea went on to say that it's not liable for user assets or transactions. It encourages users to trade at their own risk, which is pretty much the norm across the blockchain industry right now.
A Question of Freedom
OpenSea's move to freeze any account or transaction involving NFTs is frowned upon for a good reason. Blockchain, NFTs, and decentralized markets are different from the traditional centralized financial market. It's called a free market because centralized authorities have no or minimal control over the flow of transactions.
OpenSea is a platform that offers unfettered access to everyone, regardless of age, social status, location, etc. Doing so offers all users across the globe an equal playing ground where they can participate in buying and selling goods using cryptocurrency. This idea has been driving NFTs and blockchain technology forward.
For some people, the fact that a decentralized marketplace is suspending transactions involving NFTs to suppress the theft suggests its propensity to embrace centralization - the very principle it wishes to defeat.
It's not that OpenSea is acting in bad faith, though. We should look at it as a desperate way to minimize the damage caused by the incident. But facing a huge security breach shouldn't be a reason to deviate from the decentralized nature of the blockchain and the blockchain ethos as a whole. When NFT marketplaces freeze accounts in times like this, they could be doing more harm than good to the blockchain community because it sends a message that markets can freely suspend or freeze users' accounts any time they want.
Of course, it can't be stressed enough that Kramer may have put himself in a pretty bad position by opting to keep his highly valuable NFT collection on a hot wallet. But OpenSea shouldn't be faulted for reacting to the security lapse because it has its credibility and reputation to worry about.
As such, marketplaces should only freeze transactions when situations like this call for dire actions, and it should be a last resort employed in critical situations where there's evidence of asset theft or fraudulent activities.
An Oversight Board, Anyone?
It's surprising that this kind of incident involving NFT marketplaces happened in the first place. Considering how big the trading volume of ERC-721s has been, it should've been a priority for platform operators to learn more about their customers' assets and transactions.
So, one might think about NFT marketplaces and platforms incorporating an oversight board. Will that solve scams, theft, and other issues? It probably will, but at what cost?
Last year, Facebook revealed a new review board that acts as a self-regulatory body to ensure its data privacy measures are in place. The idea is to filter out content that doesn't adhere to the company's community standards.
In a way, this move was triggered by several accusations of Facebook violating its users' privacy and giving access to their data without proper authorization. So, it probably made sense for the social media giant to have a new mechanism in place - even if it amends its reputation among certain groups.
In the case of NFT marketplaces, it might not be a bad idea to have an oversight board that acts as its self-regulatory unit tasked with overseeing transactions and ensuring that all rules related to fraud or theft are followed through. This would make it easier for these platforms to avoid charges of fraud, but...
By having an oversight board, it's almost inevitable that these platforms will impose restrictions on users. This could result in creating a new form of censorship where certain transactions are being monitored to comply with market policies - which is the opposite of what blockchains stand for.
Strike a Balance
There's no quick answer to the question of whether NFT marketplaces should freeze accounts and regulate transactions. After all, the blockchain is decentralized, which makes it possible for anyone to buy or trade NFTs in a peer-to-peer manner without the interference of centralized parties.
But when there are issues involving theft and fraud, it's understandable that marketplaces have to protect their assets - just like what OpenSea is doing now. Platforms should understand that they can't completely rely on systems where they're always at the mercy of their users.
In a way, it's a double-edged sword and whatever is decided won't make everyone happy. NFT marketplaces could benefit from better security measures and oversight boards to ensure that they can protect assets, but this level of intervention should be strictly used only when necessary.
The truth is, anyone who invests in crypto and NFTs must fully embrace the responsibility of protecting their investments. After all, there are already enough security measures for them to use. Users should better understand how their digital assets work while being mindful of how they're going to use them.