Discomforts of the Decentralized Web: The Legal Implications of NFTs

Since the digital artist Beeple sold his piece “Everydays: The First 5000 Days” for $69 million, NFTs have overwhelmed the art market and captivated artists and collectors alike. NFT stands for non-fungible token– “non-fungible” meaning that it is one-of-a-kind, and cannot be replaced with something else. NFTs, unlike traditional digital art, afford both the creator and purchaser security and ownership; they are tokenized digital assets. Artists and creators favor NFTs because many NFT marketplaces take a significant cut of the artists’ profits, in contrast to traditional galleries. The NFT marketplace allows for a direct transfer of ownership with the transaction being recorded on a blockchain: a digital database which stores a secure record of data. NFTs are often bought and traded in Ethereum, or ‘ETH’, a crypto currency. 

While NFTs are appealing largely for their security, recent civil actions suggest that NFT creation and transactions might have unique, unprecedented legal implications. In order to understand NFTs and their potential impact on existing legal protections for digital assets, one must also understand the ethos of the decentralized web. Jason Griffey, a fellow at the Berkman Center for Internet and Society at Harvard University, describes the decentralized web as “a series of technologies that replace or augment current communication protocols, networks, and services and distribute them in a way that is robust against single-actor control or censorship.”

In February, Timothy McKimmy sued OpenSea, a digital NFT marketplace, for one million US dollars, alleging negligence and breach of contract. McKimmy filed a complaint in Texas federal court, claiming that his Bored Ape NFT was stolen. This is an issue he had repeatedly attempted to remedy with OpenSea directly, but the company failed to seriously investigate or act on his complaints. McKimmy claims that although he did not list his rare Bored Ape for sale, it was sold for a mere 0.01 ETH, approximately 26 dollars. The “buyer,” or the alleged hacker, quickly resold the NFT for 99 ETH, approximately 250,000 dollars. 

According to McKimmy, OpenSea was aware of a listing bug that permitted hackers to buy NFTs at a fraction of their market value. The bug had been discussed and complained about numerous times prior in angry tweets, news articles, and communications directly with the company. In January, OpenSea spent around 1.8 million dollars reimbursing users in similar situations to McKimmy, though the amount reimbursed and which users’ pleas they responded to remain ambiguous. Victims of the bug have voiced dissatisfaction with their refunds, stating that OpenSea offered to reimburse them “floor price” — the value of the cheapest NFT in the collection — even if the specific stolen NFT is worth more. Additionally, bug victims allege that OpenSea will only reimburse them if they sign a non-disclosure agreement; this speaks to the company’s determination to ensure a stellar reputation and perhaps avoid legal action or widespread demands for reimbursement.

Despite these issues, OpenSea continued operating its marketplace and in doing so risked the security of its customers’ assets. OpenSea did acknowledge the security threat in an email sent out to users that advised owners to immediately cancel any inactive listings they might have. NFT collector Dingaling, along with other collectors, issued a Twitter warning stating that OpenSea’s advice to simply cancel listings offered an oversimplified and downright incorrect solution. 

Decrypt, a website dedicated to all-things related to the decentralized web, backed collectors who warned against OpenSea’s shallow approach: “By simply telling users to cancel inactive listings one by one on the OpenSea website, it actually allowed exploiters to execute purchases on other inactive listings.” 

It is alarming but not entirely surprising that OpenSea, the first and largest Web3 marketplace, does not know how to handle problems that arise from transactions on its own platform. The purpose of Web3, the digital space in which NFTs exist, is to foster decentralized communication and commerce. Web3 users are enticed by a digital world that is hardly supervised or regulated. However, evidenced by McKimmy’s lawsuit and others like it, the same users that enthusiastically participate in an unmonitored digital world are shocked and angered when they do not have some sort of regulating body to ensure the security of their assets. 

Web3 is an extraordinarily new technology, so there is undoubtedly a host of legal issues, confusions and disagreements that have yet to be identified relating to NFT creation and commerce. 

Hughes Hubbard & Reed, a law firm which specializes in art law, published an informative article outlining what they deem to be “the unknown legal future” of NFTs. They predict copyright claims stemming from the fact that “An NFT cannot exist without an underlying digital asset. If that digital asset constitutes an ‘original work of authorship,’ such as a ‘pictorial, graphic or sculptural work,’ it receives copyright protection under the federal Copyright Act.[7]

What if, however, the digital asset in need of protection is not an “original work of authorship” but instead a digital record of ownership? Will copyright law only protect the original work attached to the NFT, and not the NFT itself? 

Whether NFTs will be deemed “securities” under the Securities Act of 1933 also remains to be seen — a decision which will certainly affect future NFT-related lawsuits. Lawsuits like McKimmy’s prompt a questioning and reevaluation of just how decentralized the decentralized web can and should be. Must we create laws specific to NFTs, or extend existing protections of digital works to include NFTs? Do NFTs, which exist in the decentralized web, even call for legal protections?

Jolie Rolnick is a senior at Brown University, concentrating in Political Science. She is a staff writer for the Brown University Undergraduate Law Review and can be contacted at jolie_rolnick@brown.edu