Hacker Exploits OpenSea Bug That Undervalue NFTs To Buy And Flip Bored Apes

Share This Post

Scammers appear to be taking advantage of an OpenSea bug in order to purchase valuable NFTs at a considerably cheaper price than their current listing.

Several researchers and developers have detailed the ongoing problem, with some claiming that specific NFTs worth hundreds of thousands of dollars have been stolen by exploiting the platform’s bug.

OpenSea Bug Opens Platform To Hack

According to reports, a fault in the front end of prominent nonfungible token (NFT) marketplace OpenSea has resulted in an exploit that allows users to acquire popular NFTs at their prior listing price.

The issue appears to be prevalent with Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFT collectibles, where the exploiter was able to purchase them for their original listing price and subsequently sell them for the current market price. BAYC #9991, BAYC #8924, and MAYC #4986 are among the affected NFTs.

The hack was brought to light after NFT collector “TBALLER” tweeted that their rare Bored Ape #9991 sold for a pittance of.77 ETH, or $1,775 early Monday morning.

The buyer, who goes by “jpegdegenlove,” flipped the ape NFT almost immediately for 84.2 ETH, or roughly $200,000. The user has been able to flip about 332ETH ($754,000).

Reported exploiter Ether wallet balance Source: Etherscan

PekShieldAlert — the popular security firm PeckShield’s real-time alerts bot – alerted of an OpenSea front-end flaw earlier today, noting that the exploited had already obtained 332 ETH worth around $750K at the time.

According to cryptocurrency analysis firm Elliptic, at leaOpenSeast three attackers have purchased NFTs with a total market worth of slightly more than $1 million utilizing the weakness since Monday morning. “By exploiting this flaw, one attacker today paid a total of $133,000 for seven NFTs—before quickly selling them on for $934,000,” the firm’s blog read.

In a Twitter thread, Rotem Yakir, a developer at the decentralized money business Orbs.com, explained the vulnerability. People who relisted their NFTs without canceling them and then sold them at a higher price could have them bought at a cheaper price through the glitch, according to Yakir.

Earlier today, security researcher Tal Be’ery corroborated Elliptic and Yakir’s discovery by displaying data from the Ethereum blockchain confirming that Bored Ape Yacht Club #8274 was purchased in July for $50,500 (22.9 ETH) and resold for about $296,000. (130 ETH).

Related article | What Went Wrong In The Crypto.com (CRO) Hack? Experts Weigh In

This Exploit Is Not New

An earlier exploit on December 31 witnessed a similar scenario, in which a problem appeared to come from the transfer of assets from the OpenSea wallet to a separate wallet without the listing being cancelled.

According to one user, if someone using OpenSea put an NFT for sale and later decided they didn’t want that ad to remain active, the platform would charge for its removal. This, however, can be pricey, therefore users devised a workaround where they transferred the NFT to another wallet, thereby canceling the listing.

OpenSea didn’t address the issue when it was reported.

Related article | BitMart Leaves Users On Read As Victims Of Hack Await Refunds

Users can see if their listing has been removed from Rarible, another NFT marketplace that makes use of OpenSea’s API. According to the user, the flaw was reported after the December occurrence, but no action was taken to resolve it.

Opensea BUG ETH

ETH/USD hovers above $2,400. Source: TradingView

It’s worth noting that this problem arose as a result of the intended design of OpenSea, a centralized service that uses decentralized coins. It’s difficult to classify this as a hack or even a bug. OpenSea informs consumers that this is how its service works, which has resulted in numerous scams. The OpenSea bug shows that it is a sloppy marketplace, and if users aren’t cautious to follow proper practices, they may be exploited by more savvy users.

Whether the OpenSea bug is  being treated as an open security flaw or a result of user error is currently unclear.

Featured image from Unsplash, chart from TradingView.com and Etherscan
Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

Bitcoin Stands Tall: Crypto Remains 2024’s Best Asset Despite Q3 Dip

Even though the third quarter was tough, Bitcoin has been very strong in 2024, continuing to be the best-performing currency A new report from the New York Digital Investment Group (NYDIG) says that

Microstrategy Stock MSTR Set to Surge by 64% on Bitcoin Investment Bet, Analysts Say

Microstrategy’s stock is expected to soar by 64%, fueled by its bold bitcoin investment strategy, according to Bernstein analysts Michael Saylor’s leadership and the company’s

Experts Discuss What Made Solana Memecoins The Cycle’s Top Narrative

During this cycle, Memecoins, especially Solana-based ones, became the leading narrative of the crypto market These tokens have eclipsed investors’ attention and overshadowed the performance of

Chia founder alludes to Finney, Sassaman collab as Nick Szabo leads Polymarket bets for HBO Satoshi doc

Crypto bettors on blockchain-based prediction platform Polymarket are actively trading on the outcome of HBO’s upcoming documentary that claims to reveal the identity of Bitcoin’s

NEIRO, MEW Surge As Flockerz Soars Past $500K In Presale – Next 10X Meme Coin?

The Flockerz ($FLOCK) presale couldn’t be more magnetic, now boasting over $500,000 in total funding The new meme coin managed to scoop up another $100,000 from

Solana, Aptos gain ground on Ethereum’s 45% Web3 dominance

Ethereum retains 45% of the market share amid competition from Solana and Aptos, according to a recent report by ETC Group Solana, leading in bridged net flows with $1 billion in net inflows during