On the eve of the new year, tragedy struck in Manhattan: Chelsea art gallery owner Todd Kramer had 615 ETH (about $2.3 million) worth of NFTs, primarily Bored Apes and Mutant Apes, stolen by scammers and listed on the peer-to-peer NFT marketplace OpenSea.
Kramer quickly took to Twitter and begged for help from OpenSea and the NFT community for help regaining his NFTs. Unsurprisingly, he was ripped to shreds by others in the community for not storing his valuable JPEGs in an offline wallet; however, OpenSea froze trading of the stolen NFTs on its platform.
More than a few commentators pointed out that OpenSea's intervention here—and especially Kramer's pleas for a centralized response—seemed to go against a key tenet of the industry that often bumps up against usability: the idea that "code is law," and once your tokens are in someone else's digital wallet, that's the end of the game. While OpenSea did not actually reverse the transaction on the blockchain, it did block the stolen NFT's sale on its own platform, which is the most popular marketplace for NFTs.
"We take theft seriously and have policies in place to meet our obligations to the community and deter theft on our platform. We do not have the power to freeze or delist NFTs that exist on these blockchains, however we do disable the ability to use OpenSea to buy or sell stolen items. We've prioritized building security tools and processes to combat theft on OpenSea, and we are actively expanding our efforts across customer support, trust and safety, and site integrity so we can move faster to protect and empower our users.”
OpenSea's interventions, when they do happen, leave some users in the lurch. For example, another Twitter user recounted in a viral post how they unwittingly purchased a stolen NFT on OpenSea for 1.5 ETH (around $5000) only to have it frozen. OpenSea wasn't quick to help them out, they said—although, it's unclear what the company could really do at that point—and the NFT project Alien Frens reimbursed them 1 ETH.
In these and other cases, “self-sovereignty” is offered up as an attempt to reframe what actually happened. Yes, the victims are ridiculed for falling prey to a hack or scam, expected to learn from their mistake by using cold storage, and in the best scenario able to buy the NFTs back at a discount because they're not sold on major marketplaces. But at least there was no centralized intervention. Kramer himself was able to buy at least two of his NFTs back with the help of users who had unwittingly bought them from the scammer.
Do you have a tip to share about digital wallet hacks or cryptocurrency scams? Please get in touch Edward Ongweso Jr via email (firstname.lastname@example.org) or securely on Signal (202-642-8240).
OpenSea's interventions in the cases of stolen NFTs show how centralized intermediaries often have an important role wherever the decentralized world of the blockchain meets the real world. It's also not the first time that similar moves have happened elsewhere in crypto, even though they break from the core dogma of immutability and self-sovereignty.
In 2016, a hacker stole nearly $60 million worth of ETH—the equivalent of 5 percent of all ETH in circulation at the time—from an early DAO on Ethereum, simply called The DAO. To return the ETH, developers reversed the transaction and wiped it from the blockchain ledger with a hard fork, creating a new version of the blockchain. Users took to using the new ledger that returned their ETH, while the original one was dubbed Ethereum Classic (ETC) by people who bristled at the idea of forking to save hacked funds. In 2019, when hackers stole 7,000 bitcoin from the Binance crypto exchange, founder, Changpeng Zhao suggested a similar thing happen and a hard fork be enacted to reverse the cyberattack.
Tether (USDT), a stablecoin that claims its currency is pegged 1:1 to the US Dollar, routinely "freezes" tokens at the behest of regulators or law enforcement. It only recently froze $1 million by blacklisting an Ethereum address, but also has a "recovery" mechanism that allows it to freeze an address where funds were mistakenly sent and issue new USDT.
Scams have always been a part of the cryptocurrency industry, and so has the uncomfortable question of centralized interventions. A recent study found that 50 percent of all tokens listed on popular decentralized exchange Uniswap are straight-up scams. Last month, CoinDesk proudly defended OlympusDAO as being the “future of money” while admitting in the first sentence of its defense that “Yes, it’s a Ponzi scheme.” Scams and thefts in the decentralized finance space have continued to get worse, reaching $14 billion in 2021.
It increasingly feels like the inconsistent application of rules in this space more often results in protecting wealth transfer schemes than protecting all users equally, and obscuring the deep centralization already present: less than one percent of users (institutional investors) account for 64 percent of Coinbase’s trading volume, and 10 percent of traders account for 85 percent of NFT transactions and trade 97 percent of all NFTs at least once.
It’s not clear how this contradiction will be resolved. Uncritically believing decentralization is a salve that immediately transforms something’s politics endangers not only users but crypto’s fever dream of disruption. Take the adoption of blockchain-based technology by investment and central banks. One way to look at this is as a sign of crypto’s inevitability. If you look under the hood, however, it’s more plainly a move by financial institutions to reinforce fiat and further centralize the global financial system.
So long as the contradiction persists and the uncritical belief is held, crypto will find itself in an increasingly weaker position to do anything about any of these concerns.