NFT marketplace bug undervalues tokens, helps exploiter nab $750,000

Published at: Jan. 24, 2022

A bug in the front end of popular nonfungible token (NFT) marketplace OpenSea has reportedly led to an exploit allowing users to buy popular NFTs at their previous listing price.

The bug seems to be prevalent with Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFT collectibles, where the exploiter managed to buy them at their old listing price and then sold them for the current market price. The affected NFTs include BAYC #9991, BAYC #8924, MAYC #4986.

A user named jpegdegenlove is suspected of exploiting the current bug and has reportedly profited 332 Ether (ETH) ($754,000). OpenSea didn’t immediately respond to Cointelegraph’s request for comment.

An earlier exploit on Dec, 31 saw a similar scenario, wherein a bug seems to arise from the transfer of assets from the OpenSea wallet to a different wallet without canceling the listing.

Related: Nifty News: FLUF World and Snoop Dogg fundraise, Adidas and Prada NFTs, WAX gifts 10M NFTs

One Twitter user explained that, when a user lists their collectible for auction on the OpenSea and decides to cancel it for some reason, the marketplace charges a significant fee and the floor price of the collectible also decreases. Users found a way around it and instead of canceling their sale, they transfer their asset to a different wallet which automatically removes the listing from OpenSea, However, the bug keeps the listing active through OpenSea’s API.

1/ Recently there's been an @opensea exploit that has allowed for assets to be purchased at greatly discounted prices, including 3 freshdrops passes, a BAYC https://t.co/8pEgeXkOBo, multiple MAYCs, and more. I did some research this morning and here's what's happening -> a

— cap10bad.ΞTH | freshdrops.io (@cap10bad) December 31, 2021

Users can check whether their listing has been removed on Rarible, another NFT marketplace that uses OpenSea’s API. The user claimed that the bug was flagged after the December incident, but the platform didn’t take any measures to address the issue.

NFTs exploded in popularity in 2021 with major brands and celebrities all hopping on the bandwagon, which has attracted an increasing number of scams.

Tags

Nft

Hackers

Investments

Security

Cointelegraph Nft

Related Posts

To change the art industry, NFTs must be more secure

2021 has already seen a number of eye-catching milestones reached for the nascent nonfungible token (NFT) market, which has seen an increase in value of 2,100% from Q4 2020, with consumers spending over $2 billion. While headlines have been dominated by record-breaking sales, what’s often overlooked is the growing demand from new investors. According to NonFungible, which tracks NFT transactions, there were 73,000 NFT buyers and 33,000 NFT sellers in Q1. Although these numbers may seem impressive, they are in fact relatively small compared to the global art market, which was valued at $64.7 billion in 2018, with the United …

Technology / July 3, 2021

BitsCrunch raises $3.6M in funding for NFT analytics tools

Crypto and nonfungible token (NFT) ecosystem analytics firm BitsCrunch has secured $3.6 million in a funding round led by Animoca Brands, Coinbase Ventures, Crypto.com Capital, and others. BitsCrunch uses AI-based analytical tools to determine the fair price of NFTs, identify wash trading warnings, and determine whether an NFT is a copy or forgery of the genuine asset. The company is based in Germany and India. The firm believes that investors in the continually growing space need better access to data that will protect them from fakes and getting fooled by ingenuine trading volume. We are excited to announce that we …

Nft / Feb. 25, 2022

Rare Bears Discord phishing attack nabs $800K in NFTs

Recently launched NFT project, Rare Bears, was hit with an attack, after a hacker posted a phishing link in the project's Discord channel, stealing nearly $800,000 in NFTs. Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal 179 NFTs, including Rare Bears and other NFTs from various collections, including CloneX, Azuki, a “mfer” from artist sartoshi, and 6 LAND tokens used for The Sandbox metaverse. According to on-chain analysis, most of the NFTs were sold, netting the hacker 286 ETH, worth over $795,500, most of which was promptly put through Tornado Cash, a crypto mixer …

Nft / March 18, 2022

Here’s how to prevent NFT theft, according to industry professionals

As nonfungible tokens (NFTs) attract more users, they also capture the eyes of scammers. Bad actors in Web3 have set their sights on digital collectibles, with millions being lost through scams and various attacks. However, according to professionals working in the Web3 space, there are multiple ways and tools to prevent being a victim of NFT theft. In addition, users can also take various actions after losing their digital collectibles to hacks. Ronghui Gu, the co-founder and CEO of blockchain security firm CertiK, told Cointelegraph that the first and most important step is always due diligence. “Avoid clicking on suspicious …

Nft / Jan. 31, 2023

Developers seek solutions for Web3-related scams from internet browsers

A big concern for users in decentralized finance (DeFi) involves the industry’s susceptibility to exploits. A report from Privacy Affairs revealed hackers stole $4.3 billion worth of cryptocurrency in the time period from January to November 2022 — a 37% increase from the previous year. Such exploits harm the integrity of companies and fuel skeptics from outside of the space in their case against cryptocurrencies. However, in a Feb. 2 announcement from Web3 Builders Inc., the company revealed a suite of tools to combat this issue. The initial browser extension TrustCheck was created to flag Web3-related scams before users continue …

Adoption / Feb. 2, 2023