Theft has become a major issue in the NFT space, especially with so-called “wallet drainer” exploits ripping millions of dollars’ worth of assets from unsuspecting collectors—and there’s no way to reverse those transactions on the blockchain. When stolen assets are then resold to unsuspecting buyers, that only complicates matters further. But Web3 builders are working to try and minimize the ability for crypto swindlers to steal and then profit from NFT sales, with top marketplace OpenSea aiming to lead that charge. Today, the firm revealed a pair of new features designed to both protect users on its platform from inadvertently engaging with scams and prevent thieves from quickly flipping stolen assets. One solution is aimed at preventing malicious links from appearing on OpenSea’s own platform, either through a project’s description or website icon. The tool automatically scans any links that users entered on the marketplace and disables any that point to known scams, or that redirect clickers to websites with malicious code that could swipe NFTs from someone’s wallet. On one hand, the tool relies on an expanding blocklist tracking identified exploits. But it also goes one step further by simulating transactions through any wallet connectivity prompts on the linked website, potentially cluing OpenSea’s system into previously unidentified threats. If a real user interacted with a smart contract—that is, automated code that powers NFTs and decentralized apps (dapps)—behind a purported NFT mint hosted at that external website, for example, what would happen if they sign a transaction? OpenSea is hunting for any contract functions or behaviors that might suggest an attempt to steal assets from users. If so, then OpenSea will disable the link and take action against users who shared such links—including banning accounts, removing their created NFT projects, and denying asset transfer requests. OpenSea’s other new theft prevention measure looks beyond the marketplace’s own bounds to try and minimize the fallout after an NFT is successfully stolen. It’s a tool that automatically examines NFT transfers to identify those that may have been swiped through exploits, and temporarily blocks those NFTs from being resold on OpenSea. Previously, when an NFT was stolen, OpenSea largely relied on the owner to report it as such, at which point the marketplace would flag it as such and block resales. However, by that point, a high-value or “blue chip” NFT had often already been sold to an unwitting buyer, and then they were stuck with an asset that they couldn’t move via the platform. This understandably caused problems with some collectors, particularly those who claimed that the system could be manipulated, or that OpenSea was slow to respond to requests. The marketplace made changes to try and improve that model, including requiring a police report to claim an NFT stolen—but the new, automatic system attempts to take action much faster. For any traders who worry about an NFT being flagged when they legitimately transfer a newly-purchased asset from one wallet to another, Fauvre-Willis said that OpenSea is thinking about that too. It hopes to keep the number of wrongly flagged assets as low as possible. Whenever an NFT is flagged as potentially stolen, it will be frozen on OpenSea, which means it can’t be resold there. OpenSea will also email the previous owner of the item to check whether it was stolen. The NFT will be unfrozen on OpenSea if the previous owner says it was legitimately transferred, or if seven days pass without a response. Just because OpenSea flags an NFT on its platform doesn’t mean that the blockchain asset is frozen everywhere, however: the current holder could always sell it on another marketplace that doesn’t have such restrictions. OpenSea took flak for its earlier stolen NFT policies, particularly as buyers who unwittingly purchased a swiped NFT had to deal with the hassle of having it frozen on the platform. An automated system could add some curveballs to the mix as it’s being tested, but OpenSea’s hope is that it will ultimately result in fewer such sales of stolen NFTs. By Andrew Hayward, https://decrypt.co/113332/opensea-now-auto-detects-blocks-stolen-nfts-disables-scam-links
