OpenSea has become the Microsoft of NFT marketplaces, having trafficked $21.85 billion of total trading volume across 1.3 million traders. In contrast, Axie Infinity has 1.9 million traders but 5x less trading volume, at $4.1 billion. With that much responsibility for NFTs, OpenSea was bound to pay the cost when something goes awry.
OpenSea Leaves the Exploit Door Open Through Inactive Listing
If anything, OpenSea gained so much popularity in such a short time because it catered to the widest audience. The largest NFT marketplace made minting simple with an intuitive interface. However, because OpenSea depends on blockchain’s immutability, some things are beyond its control.
This is the case with inactive listings. Tied to non-custodial wallets like MetaMask, any time a user makes NFT available for sale, it becomes listed. No one but the user in control of the wallet linked to the OpenSea account can cancel it, including OpenSea.
However, if a user doesn’t cancel the sale, the NFT becomes inactive until it expires in six months. Only recently did OpenSea implement custom expiration dates. Because cancellation requires gas fees, which are still quite high on Ethereum, many traders leave their NFTs in the inactive listing mode. This opened the door to a nasty exploit.
Accidentally Selling Blue-Chip NFTs Drastically Below Their Price
When a high-valued NFT, a blue-chip one like Bored Apes, has an old inactive listing at a fraction of its worth, the order is still fulfillable without manual cancellation. At the end of January, OpenSea saw fit to reimburse 750 ETH, or $1.8 million at the time, to users who accidentally sold blue-chip NFTs with the inactive listing exploit.
OpenSea thought it would preempt a lawsuit with the reimbursement. Better luck next time! A single Bored Ape owner, Timothy McKimmy from Texas, is suing OpenSea for damages over $1 million. However, he is willing to settle if he gets his Bored Ape #3475 back.
As you can see for yourself, it has already been reported for suspicious activityuntil the matter is resolved, with the average price listed at 26.6 ETH ($71.4k). There was a vertical spike in its price history when the inactive listing exploiter sold it for 99 ETH ($266k).
The ape itself is rarer than even the one Justin Bieber recently bought for $1.3 million, Bored Ape #3001. Timothy claims his wrongfully sold NFT is among the top 14th percentile rarity. Although OpenSea can’t cancel listings on users’ behalf, a case could be made that the platform could have stopped such listings entirely.
However, that would have affected OpenSea’s bottom line of receiving cuts from NFT sales, regardless of whether they are conducted in good faith. Perhaps, this erosion of reputation will cost OpenSea more in the long run?
Another thing to consider is that one should not be a cheapskate when it comes to manual cancellation fees. That alone would have prevented the situation Timothy found himself in.