Since 2020, the non-fungible token (NFT) market has grown rapidly. NFTs are units of data stored in a distributed ledger that represent unique collectibles, works of art, or other goods and can be sold and traded. (For a useful introduction to crypto tokens, including NFTs, see Shermin Voshmgir’s Symbolic economy.)
In the first months of 2021, interest in NFTs increased after several high-profile art sales and auctions. Similarly, smart contracts – which can, among other uses, create and manage NFTs – have also grown in popularity as they work to automate the execution of an agreement. States like Arizona, Nevada, Tennessee, and Wyoming have passed laws on the use of smart contracts. In 2020, Iowa passed a bill legally recognizing smart contracts in the state.
On February 18, 2022, McKimmy vs. OpenSea (Civil Action No. 4:22-CV-00545) was filed in the Southern District of Texas against an NFT market leader. Timothy McKimmy claims his Bored Ape Yacht Club NFT was stolen on or about February 7, 2022, due to a security breach in OpenSea that allowed “an outside party to enter illegally through OpenSea’s code and access [McKimmy’s] NFT Wallet.
In its lawsuit, McKimmy alleges that OpenSea was aware of security flaws in its platform. In January 2022, OpenSea refunded users after a loophole with inactive listings allowed opportunists to buy NFTs at a huge discount. The UI flaw affected users who had transferred their previously listed NFTs to other wallets without undoing old listings (“Open Sea refunds users $2.8 million after a bug leads them to accidentally sell their NFTs at deep discounts”, Fortune). Opportunists have exploited the ability to buy these NFTs at a lower, earlier price and then resell them at the much higher current market rate. OpenSea advised users to cancel old listings, which again put their NFTs at risk, according to some sources (“OpenSea’s Advice to Cancel Old Listings Put Holders at Risk…Again,” NFT Party).
Then, on February 19, 2022, OpenSea suffered a phishing attack. Within three hours, 254 tokens were stolen and 17 OpenSea users were affected (“1.7 million dollars in NFTs stolen in apparent phishing attack against OpenSea users”, The edge). The estimated value of the stolen tokens is over $2 million (“Seventeen OpenSea users had their NFTs stolen and returned for a total of $2.9 million by a phishing scammer,” Web3 is doing great). The attack was explained as the targets signing a partial contract with blanket clearance and large portions left blank, which the attackers then completed to take the target’s assets. OpenSea was in the process of updating its contract system when the attack happened.
McKimmy alleges that his Bored Ape #3475 NFT was stolen, listed, and sold to another person on OpenSea on or about February 7, 2022. McKimmy alleges that vulnerabilities in OpenSea “allowed others to enter through his code and force an NFT to be listed.” He attempted to resolve the issue with OpenSea but alleges that OpenSea “ignored” him. OpenSea is apparently investigating the issue but has not rolled back the transaction. ( Note that immutability may be a defense in this case. The case could emphasize that the NFTs used on the Ethereum blockchain are immutable, so the requested remedy may not be possible.) McKimmy also attempted to resolve the issue with the individual who currently owns Bored Ap #3475, but the individual “refused to return it”.
The complaint includes causes of action for negligence and breach of fiduciary duty, trust, contract and implied contract. McKimmy alleges that OpenSea owed a duty of care to him as a user and failed to take appropriate steps to protect users. McKimmy further alleges that OpenSea failed to implement procedures to “prevent, identify, detect, respond, mitigate, contain, and/or remediate security breaches.” McKimmy alleges that in addition to failing to protect against reasonably anticipated threats, OpenSea entered into contracts and/or implied contracts and failed to protect digital wallets connected to its platform.
This case will highlight the issue of contracts and smart contracts in the emerging digital world. The elements of a contract, express or tacit, are identical. These elements are mutual consent, expressed by valid offer and acceptance, proper consideration, capacity and legality. In the analog world, contract language is bound by all four corners of the contract, and so long as contracts “are clear and unambiguous, parole or extrinsic evidence prior to or contemporaneous with the contract is inadmissible to alter, contradict, or add terms in the contract”. Contract.” See Sterling, Winchester & Long, LLC v. United States, 83 Fed. Cl. 179, 184 (Fed. Cl. 2008).
There has been virtually no analysis on smart contracts under established legal principles at present. As mentioned above, some states have passed smart contract legislation, but the majority have yet to address this issue. If this case goes unsettled, it will provide context for how courts will analyze blockchain, NFTs, and smart contracts under current analog laws. This court will discuss the enforceability of smart contracts and who can enforce them.
Typically, contract disputes arise between a limited number of parties, but these smart contract disputes could range from users like McKimmy suing the NFT market, to hackers, to people who have purchased wrongfully obtained NFTS, and more. of the. The courts will have to determine whether the shelter rule of the Uniform Commercial Code also applies to these transfers. Under UCC Section 3-203(b), the safe haven rule protects the beneficiary of an instrument who has received the instrument from a bona fide purchaser. Licensee is “protected” from further claims by Licensor’s status as a bona fide purchaser. In these cases, if an NFT is purchased through an inactive listing bug and then resold and resold again, the court must answer whether the transfers can be upheld.
The rise of digital assets (including NFTs and cryptocurrency) and smart contracts will generate disputes over established law and its application to these new instruments. Expect litigation to ensue in the areas of deceptive marketing practices, breach of contract, breach of fiduciary duty, fraud and negligence, among other areas. McGuireWoods’ specialist litigation teams remain ready to defend clients against any claims that may arise.