Here’s how OpenSea NFT hacks hurt owners, buyers and even entire collections

cointelegraph.com:

The non-fungible token (NFT) market has been booming since the summer of 2021 and as NFT prices were sky-rocketing, the number of hacks targeting NFTs were also increasing. 

The most recent high-profile hack siphoned approximately 600 Ether worth of NFTs from Arthur0x, the founder of DeFiance Capital, and they were sold off on OpenSea.

A 2022 Crypto Crime Report published by Chainalysis highlighted that the value sent to NFT marketplaces by illicit addresses jumped significantly in 2021, topping out at just under $1.4 million. There is also a clear increase in stolen funds sent to NFT marketplaces.

Given the concerning rapid increase in illicit value flowing into the NFT platforms, it is natural to ask whether security measures and procedures are in place and if so, whether these measures are effective in protecting owners.

Let’s take a look at OpenSea, the largest NFT platform, and its security measures.

OpenSea has two main security measures that kick in once an account has been “hacked” — locking the compromised account and blocking the stolen NFTs. These two measures are very ineffective when looking at them closely.

Locking the account can be done on the OpenSea website as shown here without human approval; whereas blocking the NFTs involves a lengthy process of raising a ticket and waiting for the OpenSea help team to respond.

In a situation when a hacker has already compromised the wallet and is in the process of transferring the NFTs out, locking the account will only be effective if it’s done quickly enough before the hacker transfers everything out.

Similarly, blocking the NFTs is also only effective before the NFTs are sold to another buyer by the hacker. What’s even worse is this security measure creates a series of