OpenSea is apparently choosing not to offer a reasonable bug bounty to a blockchain dev, Mr. Ø, who found a major flaw in its system. If this is really the case, it could lead to more disastrous outcomes for OpenSea users.
OpenSea’s reputation within the NFT community continues to take a beating
To sum up the situation, Twitter user Mr. Ø (@mr0chill) took to the social media platform to report that they found a “massive vulnerability” in OpenSea. In fact, the Quantum project/product lead stated that this bug is at the “same scale or worse than the last one.” To clarify, they are likely referring to the infamous listing exploit that led to the loss of many high-value NFTs.
Unfortunately for OpenSea users, Mr. Ø notes in another tweet that they have “had DMs from people who want to ‘buy’ this exploit, offering close to 100x of what Opensea does.”
Obviously, this is a nightmare scenario. As Mr. Ø goes on to explain, “This illustrates a market for vulnerabilities that would be very difficult for someone more money motivated than myself to not fall into.”
Simply put, if people are willing to pay far more than OpenSea for bug information, then there will be people selling that information for the highest price. Such a scenario puts OpenSea users at huge risk from hackers and scammers.
Not the first time that OpenSea has come under fire for a measly Bug Bounty
The tweets – and most of the replies to them – are basically saying that OpenSea is pinching pennies when it comes to paying bug bounties.
For those who don’t know, it is commonplace for blockchain and other tech companies to pay bounties. These are rewards for people who find potential issues in products. In addition, bounties create an incentive for people to point out flaws rather than exploit them.
For example, Polygon awarded a $2 million bug bounty back in October 2021. This goes to show how some companies value the services of those who point out these kinds of bugs. After all, millions can be a small price to pay in comparison to potential damages arising from security lapses.
Will the grief ever end for the leading NFT marketplace?
OpenSea may well be shooting itself in the foot if it is indeed opting not to pay a fair bug bounty. As a matter of fact, OpenSea has faced criticism for this exact issue in the past. Last November, a so-called “white-hat hacker” took to Twitter with similar complaints about OpenSea’s treatment of security and bug bounties.
OpenSea has been facing an endless stream of discontent from NFT traders on Twitter for months now. This is despite it being the biggest NFT marketplace by user count. Whether it’s bugs, delistings, its mysterious verification process for NFT projects, or other scams, barely a day goes by without people voicing their displeasure with the platform on Twitter.
Whatever the case may be, hopefully, this situation doesn’t lead to a repeat of the last OpenSea issue. To be sure, it would be a lose-lose for both the platform and its users.