Hypothetically Gaming OpenSea

Ken Erwin
Oct 14, 2021

As the creator of one of the earliest NFTs, one of the things that occurred to me was how easy it would be to game OpenSea (and NFT collectors) if one had no ethical limits.

How to steal from the apes

I’m writing this article for two reasons: first, because it’s an interesting topic, and second, to hopefully warn others, as it’s highly likely that some of the techniques described here are being utilized by at least one NFT, if not more (as well as other tricks I haven’t yet thought of). Also, I have NOT used any of these for my NFT, nor will I, but I’d be lying if I said I wasn’t at least briefly tempted.

Alright, let’s get started. Hypothetically, let’s start out with about 100K USD (or ~30 ETH, give or take depending on the day), with the goal of making as much money as we can, as fast as possible, through any means necessary. First, let’s look at some of the top NFTs on OpenSea in the last 24 hours:

Wat is MekaVerse?

Hmm, I bet we’d make a lot of money if we could get to the front page of OpenSea, but people won’t trust our collection without the sacred blue checkmark.

Pretty :D

…You know what would be really nice, to have THAT collection & checkmark.

First, let’s set up a non-suspicious sounding collection, and name it “NotSusNates”. While I won’t go into it in the article, let’s set up an ERC-721 contract that has exactly 10K assets, and set the metadata up somewhere we can change easily, say S3, and have something like this in it:

Let’s make 10k of them (hey I didn’t say it was going to be easy!), and just point at the same PNG, doesn’t really matter, but we don’t want OpenSea to be sus. Now launch the NFT, and we should automatically see it show up on OpenSea. Claim the contract, set the royalties to… I don’t know, 5%? Whatever you think, that won’t matter a whole lot as we’re going to get removed anyway.

Alright, now it’s blue checkmark time. https://support.opensea.io/hc/en-us/articles/360063519133-How-do-I-get-a-blue-checkmark-

We have two options. One is to get 50k followers on Twitter. Looks like that’s about $350 (https://www.socialmediatoday.com/content/confession-i-bought-50000-twitter-followers). I mean, might as well, but we’re going to go a different route. The second option is by having 100 ETH trading volume, as well as our entire collection revealed. Well, we already did that, we have 10k NotSusNates for sale, and you know what, we need that volume anyway to get to the top of OpenSea.

I credit Nate for inspiring me to write this article ❤

So, after getting our Twitter fan club, we still have $99,650 left to invest in our NFT. For the sake of this article, let’s pretend that’s 30ETH so I can do easy math. Let’s split it up, create 10 new Ethereum accounts that have never been touched by human hands.

Alright, do NOT transfer directly to them, we aren’t Nate Chastain, we don’t want to make it easy for people to catch us (No offense Nate wherever you are, no hard feelings!). Fund each of them directly from an exchange, and do NOTHING else with them yet. Want extra credit? Use different exchanges so they all look unique. Want super extra credit? Buy and sell some NFTs a few times, mix it up a bit, make sure they all look a bit different. Go the extra mile and get some .eth domains for each of them. It should take you all of 30 minutes to make them look nice and fresh, yet have nothing for someone trying to trace who owns them.

Now it’s time to get to the top of OpenSea and get our checkmark! We have 10 accounts, each with 3 ETH. Let’s make our floor look nice and solid, start listing our NotSusNates for around 1 ETH each (don’t forget to make some a bit higher, some a bit lower, we’re going for realism). I mean, if you’re lazy, write a Python script to do it, you’re looking at an hour or two of work max.

Now, start buying from yourself, and selling, and buying, on loop, over and over. Keep in mind, OpenSea is going to take 2.5% off every transaction. So how much volume can we generate with our 30eth? (I’m being a bit lenient, you’d shave off a bit more in gas depending on the time of day, but not much).

  1. Spend 30E, Fees 0.37, Remaining 29.63, Total Volume: 30E
  2. Spend 29.63E, Fees 0.741, Remaining 28.889, Total Volume: 59.63E
  3. Spend 28.889E, Fees 0.722, Remaining 28.167, Total Volume: 88.519
  4. Spend 28.167E, Fees 0.704, Remaining 27.463, Total Volume: 116.686

Sweet! In just 4 rounds, we have enough to get verified. It’s a bit of pain, but start tweeting at OpenSea’s account, join their Discord, and guess what, we’re already in the top 50 NFTs on OpenSea in the last 24 hours and we’re just getting started. Heck, some bot accounts are probably contributing to volume by now because they think something big is happening. And they’re right ;)
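From the marketplace's side, the loop above leaves a recognizable shape: nearly all volume circulates inside a small set of wallets that keep selling to each other. The following is an added example, not code from the article or from OpenSea, showing one heuristic for discounting that volume before it counts toward the 100 ETH threshold; the ledger, wallet names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed ledger for one collection: (token_id, seller, buyer, price_eth).
# Wallets w0..w2 pass 30 tokens around for 4 rounds; alice and bob are outside buyers.
SALES = [(t, f"w{(t + r) % 3}", f"w{(t + r + 1) % 3}", 1.0)
         for r in range(4) for t in range(30)]
SALES += [(100, "w0", "alice", 1.0), (101, "w2", "bob", 1.5)]

def reachable(graph, start):
    """All wallets reachable from start by following seller -> buyer edges."""
    seen, stack = set(), [start]
    while stack:
        for nxt in graph.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def circular_wallets(sales):
    """Wallets on a trade cycle: what they sell can flow back to them."""
    graph = defaultdict(set)
    for _, seller, buyer, _ in sales:
        graph[seller].add(buyer)
    return {w for w in list(graph) if w in reachable(graph, w)}

def volume_report(sales, threshold_eth=100.0):
    """Split volume into circular and organic; 100 ETH is the page's threshold."""
    ring = circular_wallets(sales)
    raw = sum(p for *_, p in sales)
    # Heuristic: a sale is circular when both parties sit on a trade cycle.
    circular = sum(p for _, s, b, p in sales if s in ring and b in ring)
    organic = raw - circular
    return {"ring": sorted(ring), "raw": raw, "circular": circular,
            "organic": organic, "raw_passes": raw >= threshold_eth,
            "organic_passes": organic >= threshold_eth}

if __name__ == "__main__":
    print(volume_report(SALES))
```

Honest resellers also form cycles over time, so a real check would weigh cycle size, time window and funding sources rather than treat every cycle as abuse.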

You know, at this point, maybe we just start tweeting and give some of them away to some famous people, we could just… go ethical now and run a real NFT. Yeah, it was sketchy to begin with, but we’re in a good place to do a launch now. Nah, let’s go for the quick win.

(Note, getting verified is how I actually met Nate, and he was super nice. Also, I didn’t generate my own volume, but I definitely could have).

Alright, we’re verified, thanks OpenSea. NotSusNates is now a bona fide legit NFT, with a beautiful checkmark, and we could just keep buying from ourselves to pass up all the other NFTs. But there’s probably someone out there that’s starting to notice, and digging into the accounts. Some people are already buying from us, we’re getting some royalties, but we’re still at a net loss because of OpenSea fees and some inevitable losses to the Ethereum Gas monster.

It’s time. Script it, we need to do it quickly, it’s not going to go well if we do it by hand. Update all of the metadata.json to match Bored Ape Yacht Club. Make it EXACT, same properties, everything.

Now make sure the image is now pointing at the real BAYC images (I think they’re on IPFS? Not sure, a lot of NFTs are). Now hit the OpenSea API to refresh the metadata on all 10k NotSusNates that are about to become apes.

PERFECT. It is now time. Log in with MetaMask as the account that launched NotSusNates. Edit the collection, and rename it to BAYC. (Pretend that’s not taken by someone else who was already likely trying to scam Bored Ape Yacht Club Owners). The checkmark… stayed ;). Update the image. Alright, let’s see what we’ve got:

Alright, UP the price on those former NotSusNates and enjoy. I bet we’ve got a solid hour before the collection is removed because OpenSea is doing so much already. If we sell even a single counterfeit BAYC (that even has the verified symbol), we’ll have made more than we invested. And it’s HIGHLY likely we’ll scam a few more people than that if we’re lucky.
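The weak point in this step is that the badge survives a rename and a full metadata rewrite. The following is an added example, not code from the article or from OpenSea, of a check a marketplace could run on every collection edit or metadata refresh; the baseline snapshot, the alias list, the placeholder URIs and all function names are assumptions made for illustration.

```python
import hashlib
import json
import unicodedata

def fingerprint(meta):
    """Stable hash of one token's metadata document."""
    canon = json.dumps(meta, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def normalize(name):
    """Fold case, accents and punctuation so look-alike names compare equal."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def review_refresh(baseline, new_name, new_tokens, others, max_changed=0.10):
    """Reasons to suspend a verified badge after a rename or metadata refresh.

    baseline: {token_id: fingerprint} captured when the badge was granted.
    others:   other verified collections as {"names": [...], "images": set()}.
    """
    reasons = []
    changed = sum(fingerprint(new_tokens.get(t, {})) != h
                  for t, h in baseline.items())
    if changed / len(baseline) > max_changed:
        reasons.append("bulk_metadata_change")
    new_images = {m.get("image") for m in new_tokens.values()}
    for other in others:
        if normalize(new_name) in {normalize(n) for n in other["names"]}:
            reasons.append("name_collision")
        if new_images & other["images"]:
            reasons.append("image_reuse")
    return reasons

# Constructed sample data; the URIs and the alias list are placeholders.
OLD = {i: {"name": f"NotSusNate #{i}", "image": "https://example.invalid/nate.png"}
       for i in range(5)}
BASELINE = {i: fingerprint(m) for i, m in OLD.items()}
APES = {"names": ["Bored Ape Yacht Club", "BAYC"],
        "images": {f"ipfs://EXAMPLE-CID/{i}" for i in range(5)}}
NEW = {i: {"name": f"Bored Ape #{i}", "image": f"ipfs://EXAMPLE-CID/{i}"}
       for i in range(5)}

if __name__ == "__main__":
    print(review_refresh(BASELINE, "NotSusNates", OLD, [APES]))
    print(review_refresh(BASELINE, "B.A.Y.C", NEW, [APES]))
```

Any non-empty result would drop the checkmark until a human re-reviews the collection, which closes the window the paragraph above relies on.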

All of this is doable with 100K or less, and I truly think it would be easy (and highly unethical) to pull off. The moral of the story is that the NFT space is super fun, but still easy to game, so be careful. And to OpenSea, I would love to send you more scenarios like this and help improve the site, it really is a fantastic website to use and I know you have so much on your plate, but I hope this helps you find ways to prevent scammers and pump and dumpers.

Thanks for reading and let me know what you think!

Ken

P.S. Actually, this only cost us about 2Eth, so the total cost to scam is actually less than 10K. Worse than I thought :) Now imagine someone doing this with a few million. Be careful everyone!
