The Web3 world is doing its best to come up with solutions to one of the crypto ecosystem’s biggest problems: theft.
More than 46,000 people have reported losing more than $1 billion in crypto scams since 2021, according to a recent report released by the Federal Trade Commission (FTC). The problem has gotten so bad that the regulatory agencies and lawmaking bodies in the U.S. are now playing a game of hot potato by asking each other for help to find new solutions.
NFT marketplaces are also grappling with ways to address theft on their platforms. OpenSea recently updated its stolen item policy, for example. In a Twitter thread explaining the update, the company commented on its rationale for not allowing the sale of stolen items on its website, noting that this policy aligns with legal requirements in the U.S.
That legal requirement has been the source of much contention on OpenSea. While attempting to follow that law to the letter, any asset the platform recognized as stolen — wrongfully or not — effectively became a dead asset on the OpenSea marketplace. The only recourse for a wrongfully accused user, or a user who unknowingly bought a stolen NFT, was to take the digital asset to another platform to sell or trade it there. Not an ideal solution.
In the Twitter thread, OpenSea acknowledged it occasionally penalized buyers on its platform who unknowingly purchased stolen NFTs in this way.
“Based on your input,” the company continued in the thread, “we’ve already made the call to adjust elements of how we implement our policy. 1st, we’re expanding the ways we use police reports: we’ve always used them for escalated disputes, but they’ll now be used to confirm all theft reports.”
The company says that if users don’t deliver a police report within seven days of submitting a ticket reporting an NFT as stolen, it will reenable the item for sale on the platform. The update also makes it easier for NFT owners to conduct transactions with formerly stolen assets once the platform has helped recover them. In situations of both wrongfully-labeled theft and successfully recovered assets, the company says it’s working to develop a process that doesn’t involve a notary.
What this means for the ongoing NFT theft crisis
OpenSea doesn’t have a perfect track record of handling stolen NFTs on its platform, as numerous users will attest. The response to the stolen items policy announcement has been mixed, with some claiming that this is likely the best that a massive NFT platform trying to comply with certain legal realities can do.
Others are unconvinced that OpenSea is sincere about its desire to do right by its community, with responses to the thread ranging from skeptical to outright scathing.
In fairness, that skepticism is not entirely without warrant. Numerous scandals have rocked the platform in recent months, shaking user confidence to the core. In June, the FBI charged OpenSea’s former product manager with insider trading. A month later, the company announced it was laying off 20 percent of its staff, raising the question of whether or not the platform acted responsibly in its planning for the cyclical nature of the crypto market.
OpenSea has also exhibited a lack of precision when enforcing its policies, like when it fumbled an attempt to comply with U.S. sanctions law and banned all Iranian artists from its platform, even though many of them were not legal residents of the country.
How expanding police reports on OpenSea might help
Requiring police reports for all stolen items on OpenSea could help disincentivize fraudulent reports of theft, which might have significant downstream effects, like reducing the number of wrongful accusations its user base has to deal with.
The policy update also works in OpenSea’s favor, allowing it to legally comply with necessary regulations while letting the marketplace claim it has done due diligence in addressing the issue.
It’s all quite messy, and nobody is thrilled with either the rampant NFT theft on the platform or the proposed solutions. Security in Web3 overall is a slippery, multifaceted thing to consider. Ethereum Co-Founder Vitalik Buterin, for example, recently suggested using stealth addresses for ERC-721 tokens as a way to ensure users’ ability to transfer, mint, and burn NFTs with anonymity, something that could work wonders for a Soulbound token-using world.
But these addresses could benefit bad actors in the space, making stolen asset recovery a near impossibility. Using social recovery wallets might reduce the chances of that, but it’s no guarantee. Regardless, OpenSea’s stolen item policy update is an example of how difficult it is to deal with the other side of the decentralized coin in a Web3 world.
That fraud in Web3 is commonplace isn’t really a surprise — the nature of DeFi imparts a far greater number of ways in which people may conduct transactions online. Still, it also lets malicious actors take advantage of the very foundation of that freedom. The coming months and years will likely see increasingly serious and creative attempts to balance decentralization with security and a sense of justice, a symmetry the NFT space sorely needs.