Bitcoin btc
$ usd

OpenSea Bug Results in Exploiters Pilfering $1.3M Worth of NFTs

2 mins
25 January 2022, 07:21 GMT+0000
Updated by Kyle Baird
25 January 2022, 07:21 GMT+0000
In Brief
  • Three exploiters have stolen at least eight high-value NFTs totaling at least $1.3 million.
  • The bug allowed them to purchase NFTs at a very low price, which were then sold at a much higher price.
  • NFT marketplaces are suffering from an increasing number of hacks and exploits.
  • promo

An OpenSea relisting bug has resulted in exploiters stealing at least $1.3 million worth of various NFTs. The attackers have begun to run the Ethereum that was made from the sales through Tornado Cash to prevent tracing.

Hackers have stolen at least $1.3 million in the form of NFTs after exploiting a bug on the NFT marketplace OpenSea. The bug allowed the hackers to purchase high-priced NFTs for small sums, which they then resold at much higher prices. The attack occurred on Jan 24, with at least eight high-value NFTs affected.

Initial analysis has identified that at least three hackers were involved, with one going by the name of ‘jpegdegenlove.’ The NFTs in question came from the Bored Ape Yacht Club, Mutant Ape Yacht Club, Cool Cats, and Cyberkongz NFT series. For example, the Bored Ape Yacht Club NFT #9991 was purchased for $1,800 and sold for $196,000.

After selling the NFTs, the attackers used Tornado Cash to prevent the ETH from being traced. Interestingly, the hacker jpegdegenlove sent ETH to two of the victims, compensating them, though not entirely.

Orbs Developer Rotem Yakir said on Twitter that the bug had to do with the fact that you could relist an NFT without canceling it (which can no longer be done), with the previous listings not canceling on-chain. Furthermore, he said that OpenSea was an ‘old product’ with,

“Slow, bad UX, with old smart contracts code which makes you pay much more gas than you should and not beneficial for traders.”

NFTs becoming lucrative targets

NFTs seem to have become one of the major targets of attackers in the crypto space. Multiple incidents have been reported recently. This is unsurprising, given how popular NFTs have become in the past year.

The most significant of these incidents is when a hacker had stolen Crypto Apes from OpenSea, which resulted in the latter freezing $2.2 million related to the theft. The decision to freeze the funds sparked criticism from the crypto community, who said that it was “anti-crypto.” Another Bored Ape NFT collector lost nearly $1 million to Discord scammers.

These attacks have been growing in number, with Nifty Gateway also having suffered hacks, and it does not look like it will subside anytime soon. NFT marketplaces will have to put more resources towards security, otherwise risk losing users.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.

Sponsored
Sponsored