OpenSea has delisted a suite of counterfeit Reddit NFTs purported to exploit the hype generated by the social media giant’s foray into Web3.
The popularity of Reddit’s official NFT Collectible Avatars shot up dramatically this month, with daily transaction volume setting a new record on Sunday of over $2 million.
Reddit’s NFTs provide certain perks (such as standing out in comment sections), but its biggest draw allows users to own their display avatars (profile pictures) and trade them via marketplaces such as OpenSea.
But the platform has, so far, let at least one fraudulent NFT collection —- the images of which had apparently been right-click saved — mingle with the legitimate tokens viewable via Reddit’s official OpenSea collectibles page for at least 24 hours, according to two sources familiar with the matter.
Taking advantage of NFT platform RPlanet’s Genesis airdrop on Oct. 25, the scammer was able to flood Reddit’s Opensea page with their own minted and airdropped ERC-721 tokens.
The tokens appeared under Reddit’s collected tab where they may have been mistaken for the originals, blockchain analytics firm Halborn told Blockworks.
The “collected” tab on OpenSea reflects the NFTs that a given wallet has purchased or received as a transfer. The “created” tab shows NFTs created or minted by a specific account.
Halborn said they had potentially identified the scammer’s main address, which contained roughly $4,500 in various assets. The firm was unable to definitely link the address.
A total figure for the amount stolen remains unknown. A spokesperson for OpenSea declined to comment.
Slipping through the cracks
OpenSea users can either browse Reddit NFTs via the official and verified “RedditCollectibleAvatars” page or a separate “Explore Reddit Collectible Avatars” portal.
There within the collected tab were copies of the originals.
OpenSea delisted the assets shortly after Blockworks reached out.
Blockworks later confirmed the NFTs listed on the “RedditCollectibleAvatars” collected tab did not have blue check marks next to their names, as opposed to those populated in the created tab.
“Our policies prohibit theft, fraud and plagiarism, which we regularly enforce by delisting items, and in some instances, banning accounts,” an OpenSea spokesperson had earlier told Blockworks via email.
According to one source, though, a scammer was able to slip past OpenSea’s “copymint” system.
OpenSea considers an NFT a copymint if it was created with the intent to deceive users into thinking it’s the original, per its policy page.
The scammer transferred other NFTs that looked similar to the Reddit NFTs to “RedditCollectibleAvatars” where they ended up in the collected tab, not the created tab, the person said.
OpenSea’s system, designed to curb such activity, is supposedly capable of detecting such fakes within seconds, though is not without its flaws and is constantly being fine-tuned, a source told Blockworks.
Instead, OpenSea uses a conjunction of its copymint system and real-time monitoring by employees.
Though it would appear OpenSea also relies on community outreach to notify them of suspicious activity taking place on its platform. The fake Reddit NFTs are said to have remained in place for at least 24 hours before the marketplace took action.