NFT marketplace OpenSea sued for US$1 million after Bored Ape was stolen

The stolen Bored Ape and Justin Bieber's Bored Ape
The stolen Bored Ape Yacht Club NFT (l) and Justin Bieber's Bored Ape (r). Photo credit: Supplied / OpenSea

Popular NFT marketplace OpenSea is being sued by a Texas man for over US$1 million (NZ$1.5 million) after his Bored Ape was stolen from his cryptowallet.

Timothy McKimmy wants both his Bored Ape Yacht Club NFT back, as well as recognition of its "significant value".

Bored Ape #3457 wears a baby's bonnet and wool turtleneck combination, with sunglasses and a gold hoop earring, making it in the top 14 percent of NFTs in the collection in terms of rarity.

The lawsuit filed at the US District Court for the Southern District of Texas says OpenSea knew there were security vulnerabilities in its platform but did not properly inform users about them.

Those vulnerabilities allowed someone to relist McKimmy's Ape for virtually nothing, the lawsuit alleges.

OpenSea's "security vulnerability allowed an outside party to illegally enter through OpenSea's code and access [McKimmy's] NFT wallet, in order to list and sell his Bored Ape at a literal fraction of the value," it states.

"Essentially, OpenSea's vulnerabilities allowed others to enter through its code and force the listing of an NFT. This is through no fault of the owner."

The NFT was sold for just 0.1 ether, around US$260 (NZ$386) and then immediately sold for 98.9 ether to another party, currently worth around US$260,000 (NZ$386,000).

McKimmy argues the Ape was instead worth over a million dollars, using Justin Bieber's recent Bored Ape purchase as an example.

"Justin Bieber purchased Bored Ape #3001 for 500 ETH, or US$1.3 million at the time of the transaction. Bieber's Bored Ape has a rarity score of only 53.66 and a rarity rank of #9777," the lawsuit states.

"In contrast, [McKimmy's] Bored Ape has a rarity score of 138.52 and a rarity rank of #1392. It is significantly rarer than Bieber's. Thus, [McKimmy's] Bored Ape's value is arguably in the millions of dollars and growing as each day passes."

McKimmy said he had contacted OpenSea "numerous times" and was told the company was actively investigating the issue but nothing was done.

He had also reached out to the new owner but that individual refused to return it.

OpenSea is the most popular NFT marketplace on the internet but has attracted a range of criticism lately.

Over the weekend a number of NFTs on the platform were fraudulently taken after a phishing attack.

In a bid to stop the issue that cost McKimmy his NFT from happening again, the company had urged everyone to migrate their expired listings to a new smart contract.

Cybercriminals posing as OpenSea then took advantage, sending emails to users and pocketing an estimated US$2 million worth of NFTs in the process.

Just a few weeks ago, the company cut the number of free NFTs that could be minted on the platform. saying over 80 percent were "plagiarised works, fake collections, and spam".

"In addition we're working through a number of solutions to ensure we support our creators while deterring bad actors," the company said.