Negosyante News

December 23, 2024 2:56 pm

Hackers Exploit Bug Found on OpenSea, Buys NFTs Under Market Value

IMG SOURCE: Mireille Raad/Unsplash

Around 3 hackers recently exploited a bug on the popular NFT marketplace OpenSea which allowed them to purchase rare NFTs at a significantly lower price compared to their market values. This caused the original owners to garner losses amounting to thousands of dollars while the attackers are able to make huge profits.

The bug had already been present since December 31, 2021, but it was only leveraged on January 24, 2022. Elliptic, a blockchain analytics company, reported that one of the hackers going by the name of jpegdegenlove bought seven NFTs just for a total of $133,000 after which the individual sold them for $934,000. Another NFT — Bored Ape Yacht Club #9991 — was also purchased for just 0.77 ETH or $1,760 using the bug before being sold by the attacker at 82.4 ETH or $192,400.

“It’s a subjective thing whether you consider this to be a loophole or a bug, but the fact is that people are being forced into sales at a price they wouldn’t otherwise have accepted right now,” explained Elliptic chief scientist and co-founder Tom Robinson. The bug essentially functions due to a mismatch of information between smart contracts and OpenSea’s user interface. This means that most of the prices are of old listings that are still present on the blockchain but no longer viewed through the marketplace.

“If you had an open listing that you never canceled, or didn’t hit its expiration, it still exists,” added an OpenSea Discord administrator. NFTs are sold by users setting a list price for potential buyers. If a seller wants to re-list their NFT for a higher price, they would first have to cancel the previous listing, which entails exorbitant “gas fees.” To go around this, some users transferred their NFTs to another wallet first before putting them back into the original wallet to remove the listing from OpenSea but it still remained on the marketplace’s API.

OpenSea is yet to comment on the situation, and whether they are viewing this as an open security flaw or simply an error on the part of its users.

 

Sources: The Verge, CoinDesk

Comments are closed for this article!

Subscribe to Our Newsletter and get a free pdf:

Sign Up for negosyante news

and receive a copy of The Crypto Cheat Sheet (PDF)
and NFT Cheat Sheet for free!

* indicates required