We like to think of NFTs as art, but are they really? After all, isn’t one of art’s defining characteristics the ability for it to be stolen, only to remerge years, decades or centuries later, and see its value skyrocket?
But what about NFTs? How will they hold up on the illegal market?
We’re about to find out.
Yesterday, 32 OpenSea users succumbed to a phishing email scam that saw the perpetrators making off with “art” worth over 1,000 ether, or $3 million. At the time of publication, the attacker’s wallet contains 641 ether with a value of $1.7 million, as well as a selection of stolen NFTs.
This is a new kind of art heist, and for the potential seller (and buyers), it’s uncharted terrain! Is there an appetite for stolen NFTs? And will they even hold their value?
- How the heist went down.
- Will it affect OpenSea?
- What’s the thief’s next move?
What went down?
The word was that it was a hack, an exploit of vulnerabilities within OpenSea itself. However, according to OpenSea Co-Founder and CEO, Devin Finzer, it was actually a phishing attack, a scam email which managed to dupe 32 users into opening themselves up to a security breach.
According to PeckShieldAlert, on-chain data shows that 250 pieces were stolen from high-value collections, including Bored Ape Yacht Club (BAYC), Doodles, Azuki, and NFT Worlds.
While the NFT marketplace is yet to figure out the scale of the losses overall, it seems a potential leak of user information fueled a phishing attack which was timed with an OpenSea announcement of a new smart contract upgrade (which came with a one-week deadline to delist inactive NFTs on the platform).
For a deep-dive breakdown of what happened, why and how to protect yourself against a similar scam, this Twitter thread from Nadav Hollander is essential reading:
Is this the end for OpenSea?
The short answer: no.
One of the catalysts for sustained growth in crypto (or any tech sector) is “network effect”.
It’s a phenomenon whereby an increased number of users determine the value of the service. A perfect Web 2.0 comparison may be seen in Facebook’s tremendous growth, by simply having such a large community. Was it the best social media platform of all? We’ll never know, simply because competitors didn’t get a look in.
For better or for worse, despite its many shortcomings, OpenSea has led the charge and is firmly at the beating heart of the NFT universe.
When a protocol or platform has a network effect, what can stop it?
There are three ways network effect can be undone.
- Government intervention.
In other words, world leaders ban OpenSea.
- A 10x better competitor emerges.
Once a service has taken the market, competitors need to come with a vastly superior technology to gain market share. WhatsApp took out Blackberry Messenger, not because it was a bit better, but because it was incomparably better!
- Technical breakdown
Let’s say OpenSea becomes unusable: the Ethereum of the NFT space but worse! At that point, traders may seek greener pastures.
The point is that none of the above have happened (or are likely to). And in spite of phishing attacks, rival platforms, imperfect user experience and high gas fees, OpenSea’s daily volume has maintained a fairly even spread over the past few months.
Time to get used to a new type of art heist?
No doubt the victims are distraught. The question is: Are we witnessing the beginning of a brand new style of crime?
Well, to answer this question, let’s first establish the difference between trading in stolen goods which are fungible (BTC) compared to non-fungible assets (NFTs).
Imagine you’d ended up buying some bitcoin which, once upon a time, had been stolen, changed hands (or wallets) multiple times, only to end up in your possession.
It would be pretty easy to deny any knowledge or involvement, whether you had any or not. That 0.1 BTC could have come from anywhere. How were you to know that it had once been the proceeds of a smash and grab?
When it comes to NFTs, it’s not so easy: If everyone knows Bored Ape #133 is a stolen good, it’s pretty difficult to pretend you had no idea.
NFTs aren’t really art, they’re certificates of membership
NFTs aren’t like conventional art: Nobody buys an NFT to display at home, or in a private collection. Instead, they are often used as a very public, digital flex, but they also serve another purpose: access.
As NFT utility develops, we’re seeing communities growing where one may require ownership of a specific NFT in a collection as proof of membership.
Again, what happens if a CyberKongz is known to be a stolen good. How will communities respond to the anonymous user who appears bearing it as a profile picture (pfp)? If part of an NFT’s value consists in the access it offers, stolen NFTs are unlikely to retain their value if that access is no longer associated with the piece itself. It’s a bit like trying to cross international borders using a passport which belongs to a notorious criminal still at large. The passport itself is pointless if you’re only going to get apprehended at every checkpoint!
Whoever is sitting on these goods might find them impossible to shift. If you thought NFTs were illiquid, try selling stolen NFTs in a hurry!
More trouble than its worth?
That’s why the perpetrators had to act quickly to offload about half of their loot before the news was well and truly out, and used Tornado Cash in order to cash out the ether proceeds!
As for whoever bought the stolen goods, they might find themselves struggling to find a buyer, and they could be left having to hold on to the stolen loot bag. The scammers may also have a hard time offloading the remaining bounty now that the wider NFT space is up to speed.
It’s the very opposite of, as an example, the Mona Lisa. After it was stolen in 1911, its value skyrocketed, as the world was desperate to see it again. By design, NFTs have none of the characteristics that would see something similar play out. Firstly, we can track their movements. Secondly, we can still look at them, whether we know who “owns” them or not.
NFTs aren’t just art: the black market for stolen paintings, let’s say, or sculptures, is well established, with vast networks of buyers and sellers willing to exchange goods away from prying eyes (and settle in cash!). However, moving contraband around the blockchain is much more difficult, as evidenced by the recently apprehended (alleged) Bitfinex hackers, Ilya Lichetenstein and Heather Morgan, who, at best, were trying to launder their billions in bitcoin through e-vouchers and gift cards. And they eventually screwed up and got caught. We’ll see how this plays out in the months, weeks and even years ahead, but for the aspiring art thief, there’s no two ways about it: Stick with the priceless paintings and your chances of success will be vastly improved!