A Texas man is suing OpenSea over an exploit that saw high value NFTs, including his Bored Ape, sold for a fraction of their cost.
A Texas man who unwittingly sold his Bored Ape NFT for 0.01 ETH—the equivalent of around $26—is suing OpenSea, alleging the platform knew about a bug that allowed hackers to buy NFTs for far below market price.
In a complaint filed in Texas federal court, Timothy McKimmy claims he is the rightful owner of Bored Ape #3475—one of a set of 10,000 highly coveted primate NFTs known as the Bored Ape Yacht Club.
He claims that he did not list his Bored Ape for sale and that the NFT was “stolen”—and that the “buyer” promptly resold it for 99 ETH ($250,000 at today’s prices).
According to McKimmy, the ape in question is in the top 14th percentile when it comes to rarity, and is significantly more rare than the Bored Ape NFT Justin Bieber recently purchased for $1.3 million. He is seeking “the return of the Bored Ape [..] and/or damages over $1 million.”
McKimmy—whose LinkedIn profile lists him as the CEO of a Texas iron ore firm—claims that OpenSea knew about the bug, which was widely reported in the media, but refused to halt trading in the interest of profits.
“Instead of shutting down its platform to address and rectify these security issues, Defendant continued to operate. Defendant risked the security of its users’ NFTs and digital vaults to continue collecting 2.5% of every transaction uninterrupted,” the complaint alleges in accusing OpenSea of negligence and breach of contract.
McKimmy further alleges that he has repeatedly tried to resolved the issue with OpenSea. The company, he says, told him it is “actively investigating” the incident but has failed to do anything more.
He is far from the only one in this situation. In January, OpenSea issued roughly $1.8 million in refunds to users affected by the exploit, though it remains unclear how exactly the company is handling reimbursements and determining refund amounts.
McKimmy’s complaint cites chatter in NFT forums that alleges OpenSea has been approaching other victims of the bug and offering them the “floor price” (the lowest priced asset in any given NFT collection), even if their particular NFT is worth more—and only so long as they sign a non-disclosure agreement.
OpenSea did not immediately reply to a request for comment about McKimmy’s allegations.
The lawsuit, which was filed on Friday, could be followed by others. A law firm in the northeast is soliciting complaints from other OpenSea customers who lost NFTs due to the bug with the goal of filing a class-action complaint.
McKimmy, meanwhile, claims one goal of the lawsuit is to force OpenSea to tighten up its security practices.
“Plaintiff brings this lawsuit to protect the interests of NFT owners, who reside in countries worldwide and use Defendant’s platform. Plaintiff brings this lawsuit to force Defendant to enact sufficient security measures and address the known susceptibilities in its interface,” states the complaint.
The lawsuit comes during a rough stretch for OpenSea, the world’s largest NFT platform. Prior to the discovery of the bug that allowed people to buy valuable NFTs for as low as 0.01 ETH, a senior executive resigned in the wake of insider trading allegations.
Meanwhile, a new controversy emerged this weekend related to a phishing campaign that has seen OpenSea customers fleeced of their NFTs—a situation the company says does not arise from a vulnerability in the platform.
Read full story on Decrypt