What happened?
Earlier this week, OpenSea discovered that hackers had exploited an internal system bug to “steal” over $1 million worth of NFTs from the platform’s most sophisticated customers.
According to data provided by OpenSea, it refunded a total of 750 Ether to over 130 wallet items, coming after major backlash that it had failed to properly address the user interface feature allowing unknown third parties to buy over $1 million worth of NFTs on discount. The feature that enabled unknown opportunists to take advantage of this loophole, affected users who had transferred their previously listed NFTs to other wallets without cancelling the old listings.
Originally reported by the blockchain security company, Elliptic, the company said that hackers exploited the bug to exploit that ability to buy previously listed NFTs extremely cheap at their earlier listed prices, so they could in turn sell them at much higher market rates.
However, OpenSea responded stating that this was “not an exploit or a bug” but rather “…an issue that arises because of the nature of the blockchain. OpenSea cannot cancel listings on behalf of users. Instead, users must cancel their own listings,” according to ZDNet.
Now what?
Security researchers from Elliptic were able to identify at least three attackers who purchased at least eight NFTs for “much less” than their market value – specifically assets from several of the industry’s most reputable collections including Bored Ape Yacht Club (BAYC), Cool Cats, and Mutant Ape Yacht Club.
One of the attackers identified, who went by the pseudonym ‘jpegdegenlove’ allegedly paid $133,000 for seven NFTs and subsequently sold them on the platform for $934,000 – a seven times increase in less than one day.
Since the issue was first reported earlier this week, OpenSea announced via Twitter that it added a “Listings” tab on users’ profiles that allows them to review both active and inactive listings of their NFT items.
The company also announced a $300 million Series C funding round earlier this month, which raises the company’s overall valuation to at least $13.3 billion, making incidents like this not only expensive – but detrimental to the company’s future longevity, security, and success.
What do you think about this subject? Write to us and tell us!
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.