- An OpenSea user is suing the platform for $1 million over the loss of a Bored Ape NFT two weeks ago
- Timothy McKimmy lost his NFT in early February which was sold for 0.01 ETH and then relisted at 225 ETH
- McKimmy claims that OpenSea is at fault while the platform will likely it was the user’s fault
An OpenSea user has sued the company for $1 million after he lost his Bored Ape Yacht Club (BAYC) NFT following a phishing attack. Timothy McKimmy lost BAYC #3475 to the attack in early February when the hacker exploited a security vulnerability to illegally access his wallet and sell BAYC #3475 to a third party for 0.01 ETH. The NFT itself has since been relisted on OpenSea for 225 ETH ($600,000) and McKimmy says that the thief has refused to give it back to him. He is now suing OpenSea over their role in facilitating the theft.
OpenSea Accused of Allowing Forced Listing
McKimmy’s complaint claims that OpenSea were well aware of vulnerabilities regarding the connection of external wallets to the platform but “did not put adequate or timely safety measures in place” which led to the NFT being stolen:
Defendant’s security vulnerability allowed an outside party to illegally enter through OpenSea’s code and access Plaintiff’s NFT wallet, in order to list and sell Plaintiff’s Bored Ape at a literal fraction of the value (at .01 ETH). Essentially, OpenSea’s vulnerabilities allowed others to enter through its code and force the listing of an NFT. This is through no fault of the owner.
As a result of the theft, McKimmy is demanding payment for “the valuation of the Bored Ape, and/or monetary damages over $1,000,000.”
User Error or Platform Failure?
One crucial element missing from the complaint is exactly how BAYC #3475 was stolen, something that may intentionally have been glossed over. Seeing as individuals have to authorize key elements of the sale and transfer of their NFTs on OpenSea it is clear that McKimmy has had his wallet compromised somehow.
His legal team may argue that the theft of the NFT was “through no fault of the owner” but unless OpenSea itself was hacked and the NFT stolen then McKimmy himself is partly culpable, either to a phishing attack or something similar.
Either way we can expect OpenSea to launch a staunch defense and argue that McKimmy himself was at fault for the loss of his Bored Ape.
