Bug on OpenSea allows buying NFTs at reduced prices

Bug on OpenSea
Written by Emma Davis

The media reported that an unknown attacker took advantage of a bug in the backend of the largest NFT marketplace, OpenSea, to buy products at the old, lower prices and then resell them at a higher price.

According to blockchain analysts from PeckShield, the hacker has now “earned” at least 332 Ethereum (about $745,000) in this way.

At the same time, according to analysts from Elliptic, the attacker has already resold seven NFTs in this way, and they brought him about $934,000 in profit.

The NFT pricing issue was originally spotted by DeFi Orbs developer Rotem Yakir. He found that users could list NFTs for sale on OpenSea and then cancel the listing, update it, and list the lot at the new price. The problem is that the old listing with the original price could still be accessed through the OpenSea API, even if it was removed from the portal itself.

On Twitter, Yakir blamed the OpenSea developers for the bug, which allowed some ads to be managed using on-chain and off-chain settings, which caused some lots to be processed incorrectly.

** Urgent ** There is an opensea devastating bug that will keep old listing and allow exploiters to buy the NFT using their API. Immediate action is to move your NFT to a new wallet or wallet without any previous listing.Rotem Yakir wrote.
Tal Beery

Tal Beery

Yakir’s findings were soon confirmed by the CTO of the ZenGo cryptocurrency wallet, Tal Be’ery. According to Beeri, an unknown attacker managed to “earn” 100 Ethereum (approximately $225,000) at once on just one NFT.

Let me remind you that we also wrote that Critical bugs on the OpenSea NFT marketplace allowed to steal user funds.

One of the victims of this attack is an NFT collector known by the nickname TBALLER. He writes on Twitter that his NFT Bored Ape #9991 was sold at a discounted price of 0.77 ETH (around $1,775). Almost immediately, a buyer named jpegdegenlove resold the NFT for 84.2 ETH, or almost $200,000.

Yooo guys! Idk what just happened by why did my ape just sell for .77????? I didn’t list me ape at all…. Now I’m seeing DMs it sold for .77?????? wtf??????the bewildered TBALLER wrote.

Representatives of OpenSea have not yet commented on the situation, and it is not clear whether the discovered problem has been resolved.

For now, Yakir recommends that all OpenSea users who have updated prices in their listings move the NFT to the new wallet, which will prevent the item from being sold to a hacker at a lower price.

Let me also remind you that we reported that Fake OpenSea support steals NFTs and funds from cryptocurrency wallets.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending