Bug on OpenSea allows a hacker to sell old listings for 332 ETH

2 years ago 357
twitter hackers

A recent report identified a bug in the OpenSea NFT marketplace. The vulnerability has enabled a threat actor to exploit users on the NFT marketplace by enabling them to buy some of the leading NFTs at previous prices.

Following this exploit, the hacker has managed to walk away with 332 Ether tokens valued at around $754,000.

Bug detected on OpenSea

The vulnerability was popular among some of the leading NFTs in the market, including the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC). The hacker managed to buy these NFTs at low prices when they were first listed and later sold at high ongoing market prices.

The NFTs affected in this incident include BAYC #9991, BAYC #8924 and MAYC #4986. The hacker behind this exploit is a user on the marketplace under the name jpegdegenlove. OpenSea has not issued a statement regarding this bug.

Not the first incidence on OpenSea

This is not the first incidence on OpenSea. On December 31, a similar bug was detected in the platform. This bug was caused by transferring assets from the OpenSea wallet to another wallet. This transfer was done without the listing being cancelled on the marketplace.

A post on Twitter stated that when users list their assets on OpenSea and decide to cancel the listing, they are usually charged a high fee, and the asset’s value drops significantly. However, users that want to cancel their listings have found a way to avoid this fee.

1/ Recently there's been an @opensea exploit that has allowed for assets to be purchased at greatly discounted prices, including 3 freshdrops passes, a BAYC https://t.co/8pEgeXkOBo, multiple MAYCs, and more. I did some research this morning and here's what's happening -> a 🧵👇

— cap10bad.ΞTH | freshdrops.io (@cap10bad) December 31, 2021

A user can transfer the asset they want to cancel into a different wallet. This will automatically remove the listing from OpenSea. However, the asset will remain on the marketplace using the OpenSea API.

The bug preventing transferred assets from being delisted from the marketplace was detected in December, but the marketplace is yet to issue any patches. The boom in non-fungible tokens has attracted many users to the sector, and the number of scams could soon rise as hackers seek to take advantage of the new slot of buyers wanting to join the craze.

La notizia Bug on OpenSea allows a hacker to sell old listings for 332 ETH era stato segnalata su Invezz.

Read Entire Article