OpenSea Bug Allows Attacker to Get Massive Discount on Popular NFTs

A bug on the non-fungible tokens (NFT) marketplace OpenSea has allowed an attacker to get away with massive discounts on several NFTs and make huge profit.

The bug, which was discovered as early as Dec. 31, 2021, allowed the attacker to buy NFTs at older, lower prices, and sell them for a hefty profit. The attacker’s wallet holds 347 ether ($770,000) at the time of writing. An OpenSea user called jpegdegenlove appears to be behind the sales.NFTs are digital assets on a blockchain that represent ownership of virtual or physical items. OpenSea is one of the biggest marketplace for NFTs.Some users have been transferring their listed assets to other wallets to take them off the market place whilst avoiding the delisting fee, founder of NFT project freshdrops_io tweeted back in December.But even though the item may appear to be off the OpenSea frontend, it is still accessible on OpenSea APIs and Rarible, another NFT marketplace.CoinDesk could not reach OpenSea for comment on this story.One NFT from the popular Bored Ape Yacht Club (BAYC) collection was listed under its July 2021 price of 23 ether, and the attacker was able to sell it for 135 ether, making a quick profit of more than 100 ether, tweeted Tal Be’ery, CTO of ZenGo crypto wallet.Asked about the bug, an OpenSea Discord admin confirmed to CoinDesk that “if you had an open listing that you never cancelled, or didn’t hit its expiration, it still exists.””The thief had a bot to scan the blockchain for pending transactions that had low floor pending and bought them,” Joe Vargas, an influencer who also runs his own NFT project, told CoinDesk.Bored Ape Yacht Club, Mutant Ape Yacht Club, CyberKongz, and Cool Cats NFTs have been affected.One collector, who saw their BAYC sell for 0.77 ether, went on Twitter to express his shock when he realized his NFT had disappeared.

Yooo guys! Idk what just happened by why did my ape just sell for .77?????

— TBALLER.eth (@T_BALLER6) January 24, 2022

Read more: OpenSea Says It Patched an NFT Phishing Vulnerability

Leave a Comment