How to Stay Safe on NFT Marketplaces

Key Takeaways:
— Blockchain transactions are made secure by a consensus mechanism: a transaction only takes effect once the network has validated and approved it.
— This system is secure, and it revolutionized the way we transact by removing the need for a middleman, but it is costly to end users, who need to pay gas fees to action every transaction.
— For this reason, some platforms manage and store some elements of your transaction off-chain, in other words in a centralized database.
— Understanding the consequences of this for your transactions is essential to remaining secure. Here, we explain using NFT marketplaces as a current example.

What is an off-chain transaction, and how does it affect your NFT marketplace security? Let’s take a look at NFT marketplace security to understand the concept.

Blockchain is amazing, right? Forget banks and middlemen: we are in control of our assets at all times, with security coming from the network itself rather than from any institution. The defining feature of a blockchain, and the thing that makes it so revolutionary, secure and reliable, is that a transaction only takes effect once the network (a huge number of participants spread across the planet) has validated and approved it. This system is known as a consensus mechanism.

This applies both to transfers of value and to more complex requests, such as deploying a smart contract or calling one of its functions: every change to on-chain state relies on the network for approval.

The Cost of Freedom

But this autonomy comes with a cost. If you’ve ever done a transaction on Ethereum, you’ll know about those much-maligned gas fees we all try to avoid. Processing a transaction on the Ethereum network consumes computing power on every node that validates it, and that translates into a fee paid by the end user. This is why some platforms and services have moved elements of your transaction “off-chain”. Let’s explore that concept further, and explain what it means for you.

What does Off-Chain Mean?

As the name suggests, an off-chain interaction is one that happens off the blockchain. Typically it is a message you sign with your private key granting permission to do X, Y or Z with your assets; that signed message is stored and managed by an external database rather than recorded by the network itself.

There are a number of benefits to doing this, chief among them that it does not require network approval, or the related gas fees.

Sounds great, right? Given the choice between a costly on-chain interaction and a free-to-execute off-chain alternative, the latter seems the obvious choice, but there are also important consequences for the user, and understanding them is essential to navigating the space securely. To examine this further, let’s take a look at the recent OpenSea exploit: how it happened, and how a hacker leveraged it to buy NFTs below floor price without the seller’s knowledge.

The OpenSea NFT Exploit Explained

When you list an NFT on OpenSea, the transaction behind the listing is split into two separate elements – one on-chain and the other off-chain – with the aim of streamlining the process and making listing less expensive for sellers. Both elements form essential parts of the same overall process, but perform different functions.

The On-Chain Part

Sellers listing an NFT on OpenSea first sign a “Set approval for all” transaction (the ERC-721 setApprovalForAll function). This is an on-chain transaction: it records on the blockchain that the seller has made the marketplace’s contract an approved operator for an entire collection, able to move any NFT from that collection out of the seller’s address and into another person’s.

Once this approval is validated by the network, the blockchain will continue to enforce that arrangement until it is told otherwise by a second on-chain transaction that revokes it. All of this happens on-chain.

The Off-Chain Part

Now that the platform has permission to move your NFTs, it’s time to dictate the specific terms of the arrangement: the price you want to sell at and, optionally, an expiry date for that offer. This is done through something called a sell order.

Sell orders are handled off-chain, using something called a personal_sign message. This message, which drives the on-site listing, is signed with your private key, but it is not submitted to the blockchain itself. Instead, the order and its signature are stored in OpenSea’s centralized database, ready to be handed to a buyer, who submits them to the marketplace contract to complete the sale.

There are some advantages to doing this: not only does it mean no initial gas fee for the seller, it also means they remain free to use the NFT as they like until the point of sale, since the NFT is never placed in any sort of escrow.

Sounds simple enough, right? Yes and no: there are some weaknesses in this design, as OpenSea found out recently. They surface when you, the seller, want to change the terms of your listing: in other words, when you want to change the price, or remove the listing altogether.

Off-Chain Transactions: Vulnerabilities for Sellers

Remember, there are two process levels driving your NFT listing on OpenSea:

  • your smart contract permission, giving your agreement for OpenSea’s contract to access your NFTs and move them to a buyer’s wallet. This is recorded on-chain and stays in force until you revoke it.
  • your sell order, containing details like price and expiry, which you sign but which is managed and stored off-chain within the platform’s own database.

Both levels of this process need to be taken into consideration when you manage your listing, something that many users were not aware of. Let’s take a closer look at how this dynamic operates, and how it led to the platform being exploited.

Making Changes to your Listing

Let’s say you have an NFT listed on OpenSea, but have decided not to sell and want to de-list it. The correct way of doing this is to cancel the sell order on-chain: you pay the gas fee for a transaction that tells the marketplace contract this order is void. Once that is recorded, the personal_sign message is useless to anyone who still holds a copy of it, and the listing disappears from the OpenSea database and interface as well. Revoking the “Set approval for all” permission on-chain also works, and is broader: it stops the marketplace moving any NFT from that collection out of your address until you approve it again.

But in order to avoid gas fees, many OpenSea users use a different process to take their NFT off the market.

Rather than cancelling on-chain, a common way to manage a listing is simply to transfer the NFT out of the initial address (the one that granted the approval) into another wallet owned by the user, and then send it back to the initial address again. Since the sale can no longer be fulfilled once the NFT leaves the initial address, the platform de-lists the item automatically, and users have come to expect that the sell order is now invalid.

Here’s the problem with that: although it removes the listing from the OpenSea interface, nothing has changed on-chain. The operator approval is still in force, and your signed sell order is still a valid instruction as far as the marketplace contract is concerned.

So although it seems like you’ve removed your NFT from the marketplace, the blockchain itself will still honour a sale request for the item: anyone who kept a copy of your signed sell order (with, you guessed it, the old price) can submit it directly to the contract and force through the sale once the NFT is back in the original address.

Would you sell your Bored Ape for the same price as six months ago? Me neither. So you see how this ends.
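To make the two layers concrete, here is a toy model of the whole flow, added to this article as an example: it is not OpenSea’s, Ledger’s or any marketplace’s code, and it runs without a blockchain. The ERC-721 approval and the marketplace contract are plain Python objects, the signature is an HMAC stand-in for a real ECDSA personal_sign signature, and the names (Collection, Exchange, orderbook_sync, delist_then_replay, the “seller” key and the “attacker” address) are all invented for the illustration. It walks through the gas-free “de-listing” described above and replays the saved order; it also goes one step beyond the text by showing that either an on-chain cancel or revoking the operator approval stops the replay.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass

KEYS = {"seller": b"seller-secret"}  # constructed stand-in for wallet private keys
EXCHANGE = "exchange"                 # address of the marketplace contract (the operator)

@dataclass(frozen=True)
class Order:
    """Sell order as the seller signs it: price and optional expiry, no escrow."""
    maker: str
    collection: str
    token_id: int
    price_wei: int
    expiry_block: int  # 0 means the offer never expires
    salt: int

    def order_hash(self) -> bytes:
        # The hash the marketplace contract derives from the order fields
        return hashlib.sha256(json.dumps(asdict(self), sort_keys=True).encode()).digest()

def personal_sign(signer: str, order: Order) -> bytes:
    # Stand-in for ECDSA personal_sign: HMAC over the order hash under the signer's key.
    # Free, instant and entirely off-chain; no transaction is broadcast.
    return hmac.new(KEYS[signer], order.order_hash(), hashlib.sha256).digest()

def signature_valid(order: Order, sig: bytes) -> bool:
    return order.maker in KEYS and hmac.compare_digest(personal_sign(order.maker, order), sig)

class Collection:
    """Minimal ERC-721-like collection: token owners plus operator approvals."""
    def __init__(self, owners: dict[int, str]):
        self.owners = dict(owners)
        self.operators: set[tuple[str, str]] = set()  # (owner, operator) pairs

    def set_approval_for_all(self, owner: str, operator: str, approved: bool) -> None:
        # On-chain: setApprovalForAll(operator, approved), sent from `owner`
        if approved:
            self.operators.add((owner, operator))
        else:
            self.operators.discard((owner, operator))

    def transfer_from(self, caller: str, src: str, dst: str, token_id: int) -> None:
        # On-chain: only the owner or an approved operator may move a token
        if self.owners.get(token_id) != src:
            raise PermissionError("src does not own the token")
        if caller != src and (src, caller) not in self.operators:
            raise PermissionError("caller is not an approved operator")
        self.owners[token_id] = dst

class Exchange:
    """Minimal marketplace contract: settles signed orders, records cancels on-chain."""
    def __init__(self, current_block: int = 100):
        self.block = current_block
        self.dead_orders: set[bytes] = set()  # cancelled or already-filled order hashes

    def cancel_order(self, caller: str, order: Order) -> None:
        # On-chain cancel: costs gas, but this order hash can never be filled again
        if caller != order.maker:
            raise PermissionError("only the maker can cancel")
        self.dead_orders.add(order.order_hash())

    def fill_order(self, nft: Collection, buyer: str, order: Order, sig: bytes, paid_wei: int) -> bool:
        """Settle `order` for `buyer`; these checks are the only ones the chain enforces."""
        if order.order_hash() in self.dead_orders:
            return False
        if order.expiry_block and self.block > order.expiry_block:
            return False
        if not signature_valid(order, sig) or paid_wei < order.price_wei:
            return False
        try:
            nft.transfer_from(EXCHANGE, order.maker, buyer, order.token_id)
        except PermissionError:
            return False
        self.dead_orders.add(order.order_hash())
        return True

def orderbook_sync(book: dict[bytes, tuple[Order, bytes]], nft: Collection) -> None:
    """Off-chain database: hide any listing whose maker no longer owns the NFT (UI only)."""
    for h in [h for h, (o, _) in book.items() if nft.owners.get(o.token_id) != o.maker]:
        del book[h]

def delist_then_replay(cancel_on_chain: bool, revoke_approval: bool = False) -> str:
    """Seller lists, 'de-lists' by moving the NFT out and back, attacker replays a saved copy.
    Returns the final owner of token 1."""
    nft, exchange, book = Collection({1: "seller"}), Exchange(), {}
    nft.set_approval_for_all("seller", EXCHANGE, True)               # on-chain, gas paid once
    old = Order("seller", "ape", 1, 10**18, expiry_block=0, salt=1)  # 1 ETH, never expires
    sig = personal_sign("seller", old)                               # off-chain, free
    book[old.order_hash()] = (old, sig)                              # stored in the platform's DB
    scraped = (old, sig)                                             # attacker's bot saved the public listing
    nft.transfer_from("seller", "seller", "seller_vault", 1)         # the gas-free "de-listing" trick
    orderbook_sync(book, nft)                                        # listing vanishes from the UI...
    nft.transfer_from("seller_vault", "seller_vault", "seller", 1)
    assert old.order_hash() not in book                              # ...but on-chain nothing changed
    if cancel_on_chain:
        exchange.cancel_order("seller", old)                         # the fix the article recommends
    if revoke_approval:
        nft.set_approval_for_all("seller", EXCHANGE, False)          # what Revoke.cash lets you do
    order, sig = scraped
    exchange.fill_order(nft, "attacker", order, sig, order.price_wei)  # sent straight to the contract
    return nft.owners[1]
```

Calling delist_then_replay(False) returns "attacker": the orderbook has forgotten the listing, but the contract only ever consults its own cancelled set, the signature and the approval, so the old price goes through. delist_then_replay(True) and delist_then_replay(False, revoke_approval=True) both return "seller", because the on-chain state that the contract actually checks has changed.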

Off-Chain Transactions: Centralisation Returns

Alright, you might be asking yourself, “how did the attacking wallet gain access to my old signed messages?”, and it’s a great question. There are two options here: either the hacker employed a bot to save every offer that’s ever been posted on OpenSea, or there was a breach of the platform’s API. Note that the first option needs no breach at all: a signed sell order is not a secret, since the platform has to hand it to any prospective buyer so they can submit it to the contract. Either way, the vulnerability lies in the fact that the record of which orders were still live was managed off-chain, while the authorization those orders carried was enforced on-chain.

This is not to say that there’s no place for off-chain functionality in dApps and DeFi – simply that using this approach welcomes back a few of the problems that blockchain was designed to solve, namely, the single point of failure issue that pervades centralization. So understanding exactly how our agreements work is essential research.

How to protect your NFTs

As you now know, the best way to protect your NFTs from this exploit is to make sure any sell-order cancellations are done on-chain, and this entails swallowing some gas fees.

But there are also a few other things in play to help you stay safe. In response to this attack OpenSea launched Listing Manager, a set of tools to help NFT owners see inactive sales orders and cancel them in one click. This will help tackle the recently exploited vulnerability but the simplest way to avoid leaving yourself open to this particular attack is to avoid taking shortcuts and pay the gas fees to cancel the old sell offer linked to your NFT.


And in addition to this, services like Revoke.cash let you inspect every token approval you have granted, both the allowances that let contracts spend your tokens and operator approvals like “Set approval for all” that let a marketplace move your NFTs, and revoke the ones you no longer need. This works across the range of DeFi platforms you may be using on Ethereum, and revoking a marketplace’s approval is itself an on-chain transaction that shuts the door on any old sell order for that collection.

The best protection: Keep on Learning

We’ve said it before and we’ll say it again – knowledge is power. Now that you know the difference between on-chain and off-chain transactions, and how they affect your NFT marketplace security, you can manage your NFT listings with certainty.

As with any contract, it is important that you understand what you are signing, for your protection and the protection of your assets. The digital world is ever-expanding and changing; security is constantly being assessed and solutions found to increase our control. Check out how Ledger is addressing one part of this story by making blind signing a thing of the past.

At its heart, Blockchain is about autonomy. As the emerging crypto ecosystem develops and seeks to overcome its own limitations, it’s key that we continue to educate ourselves so that we understand how those changes affect us. 

Knowledge is power.

