How to Stay Safe on NFT Marketplaces
|— Blockchain transactions are made secure by a consensus mechanism system, which means transactions need to be approved by the network. |
— While this system is secure, and revolutionized the way we transact by removing the need for a middleman, it is costly to end users who need to pay gas fees to action transactions.
— For this reason, some platforms manage and store some elements of your transaction off-chain – in other words, in centralized database.
— Understanding the consequences of this for your transactions is essential to remaining secure. Here, we explain using NFT marketplaces as a current example.
What is an off-chain transaction, and how does it affect your NFT marketplace security? Let’s take a look at NFT marketplace security to understand the concept.
Blockchain is amazing right? Forget banks and middleman, we are in complete control of our assets at all times and remain completely secure, by harnessing the power of the network itself. The defining feature of blockchain – and the thing that makes it so revolutionary, secure and reliable – is that transactions can only take place when the network (that’s a huge number of participants spread across the planet) approves them. This system is known as a consensus mechanism.
This applies both to transfers of value, and to more complicated requests, such as alterations to the terms or the application of a smart contract, which also rely on the network for approval.
The Cost of Freedom
But this autonomy comes with a cost. If you’ve ever done a transaction on Ethereum, you’ll know about those much-maligned gas fees we all try to avoid. Processing a transaction on the Ethereum network requires computing power, and that translates as a cost to the end user. This is why some platforms and services have enabled elements of your transaction to be managed “off-chain”. Let’s explore that concept further, and explain what it means for you.
Off-Chain Sell Orders Explained
As the name suggests, an off-chain interaction is one that happens off the blockchain. Rather than being a transaction, it’s a permission for a particular entity (like a marketplace or to do X Y or Z with your assets in the future. that are stored and managed by an external database, rather than the network itself.
There are a number of benefits to doing this, chief among which is that it doesn’t require network approval – or the related gas fees.
Sounds great, right? Given the choice between a costly on-chain interaction and a free-to-execute off-chain alternative, the latter seems an obvious choice – but there are also important consequences to the user, and understanding this is essential to navigating the space securely. To examine this further, let’s take a look at the recent OpenSea exploit, how it happened and how it was leveraged by a hacker to buy NFTs below floor price – without the knowledge of the seller.
The OpenSea NFT Exploit Explained
When you list an NFT on OpenSea, the transaction behind the listing is split into two separate elements – one on-chain and the other off-chain – with the aim of streamlining the process and making listing less expensive for sellers. Both elements form essential parts of the same overall process, but perform different functions.
The On-Chain Part
Sellers listing an NFT on OpenSea will initially sign a “Set approval for all” smart contract permission. What does this mean? This is an on-chain transaction – it broadcasts to the blockchain that the seller has given OpenSea permission to offer any NFT from a given collection to be sold and moved from their address to another person’s.
Once you approve this smart contract, it is validated by the network and the blockchain will continue to enforce that arrangement until it’s told otherwise – this is all done on-chain.
The Off-Chain Sell Order
Now that the platform has permission to access and move your NFTs, it’s time to dictate the specific terms of the arrangement – specifically the price you want to sell at, and the expiry date of that offer (which is optional). This is done through something called a sell order.
Sell orders are handled off-chain, using something called a Personal_Sign message. This message is what generates the on-site listing, and is signed using your private key, However it is not actioned on the blockchain itself. Rather, the details are stored on the marketplace’s centralized database.
This message does not incur any gas fees, since it’s not an interaction with the blockchain. And even after you’ve signed it, you remain free to use the NFT as you like until it’s actually sold: it’s still in your wallet, and it’s still yours. For now. The permission simply tells the marketplace that you’re happy to see it if someone makes an offer of X amount in future.
Yet here are some weaknesses to this design – particularly if you want to change the price of the listing, or remove it altogether. Understanding those weaknesses could be the difference between securing your precious crypto assets, and watching them fly out of your wallet.
NFT Listings: Two Processes, Two Consequences
Remember, there are two process levels driving your NFT listing:
- the smart contract permission, giving your agreement for the marketplace to access your NFTs and move them to the buyer’s wallet. This is recorded on-chain.
- your sell order, containing specific details like price and expiry date. These gasless agreements are managed and stored off-chain.
Both levels of this process need to be taken into consideration when you manage your listing, something that many users are not aware of, or don’t understand properly. Let’s take a closer look at how this dynamic operates.
Making Changes to your Listing: Doing it Right
Let’s say you have an NFT listed on an NFT marketplace but have decided not to sell and want to de-list it. The correct way of doing this is by paying the gas fees to cancel the on-chain smart contract permission; once this is done, the Personal_Sign message will automatically be invalidated and disappear from the OpenSea database, as well as being deleted from the platform itself.
But in order to avoid gas fees, many users use a different process to take their NFT “off the market.”
The Dangerous Shortcut
Rather than cancel on-chain, a common way to manage a listing is to simply transfer the NFT out of the initial address (which bears the relationship with the smart contract) and into another wallet owned by the user, and then send it back to the initial address again. Since the sale can no longer be fulfilled by the platform once the NFT leaves the initial address, the platform will de-list the item automatically – with users having an expectation that the sell order is now invalid.
Here’s the problem with that: the on-chain permission to sell remains valid on the blockchain.
So although it seems like you’ve removed your NFT from the marketplace, the blockchain itself will still honour a sales request for the item: this means anyone who has a record of your sell order message (with – you guessed it – the old price) can force through a sale of that NFT once it’s back at the OpenSea address.
Would you sell your Bored Ape for the same price as six months ago? Me neither. So you see how this ends.
Off-Chain Transactions: Centralisation Returns
Alright, you might be asking yourself – “how did the attacking wallet gain access to my old signed messages?”, and it’s a great question. There are two options here: either the hacker employed a bot to save every offer that’s ever been posted in OpenSea, or there is a breach in the platform’s API. And either way, the vulnerability lies in the fact that the information was managed off-chain.
This is not to say that there’s no place for off-chain functionality in dApps and DeFi – simply that using this approach welcomes back a few of the problems that blockchain was designed to solve, namely, the single point of failure issue that pervades centralization. So understanding exactly how our agreements work is essential research.
How to protect your NFTs
As you now know, the best way to protect your NFTs from this exploit is to make sure any sell-order cancellations are done on-chain – and this entails swallowing some gas fees.
But there are also a few other things in play to help you stay safe. In response to this attack OpenSea launched Listing Manager, a set of tools to help NFT owners see inactive sales orders and cancel them in one click. This will help tackle the recently exploited vulnerability but the simplest way to avoid leaving yourself open to this particular attack is to avoid taking shortcuts and pay the gas fees to cancel the old sell offer linked to your NFT.
Revoke Your Permissions
One of the most powerful moves you can make when securing your NFTs is to stay on top of your wallet permissions. That means knowing exactly what permissions (on and off-chain) are active at a given time, and revoking anything unnecessary to avoid a surprise down the line.
Services like Revoke.cash enable users to inspect all of the open contracts you’ve authorised to spend money on your behalf, and revoke access for the ones you no longer need – a tool that can be used across the range of DeFi platforms you may be using with Ethereum.
The Best Protection: Keep on Learning
We’ve said it before and we’ll say it again – knowledge is power. Now that you know the difference between on-chain and off-chain transactions, and how they affect your NFT marketplace security, you can manage your NFT listings with certainty.
As with any contract, it is important you understand what you are signing for your protection and the protection of your assets. The digital world is ever-expanding and changing, security is constantly being assessed and solutions found to increase our control. Check out how Ledger is addressing one part of this story by making blind signing a thing of the past.
At its heart, Blockchain is about autonomy. As the emerging crypto ecosystem develops and seeks to overcome its own limitations, it’s key that we continue to educate ourselves so that we understand how those changes affect us.