OpenSea Bug Allows Hackers To Steal More Than $1 Million In NFTs

by Tyler Durden
Tuesday, Jan 25, 2022 - 03:50 AM

Premier NFT marketplace OpenSea may have successfully leveraged the NFT boom for a monster $13 billion valuation, but its system is still riddled with security flaws, one of which was just successfully exploited by hackers, resulting in the theft of $1M in digital assets.

Elliptic reports that a bug on OpenSea's marketplace has played a role in at least three attacks. Hackers managed to use the bug to purchase at least 8 NFTs for much less than what was considered their "fair market value". All three incidents had occurred within a day of the report.

One of the attackers paid just $133K for seven NFTs by exploiting the bug - only to turn around and sell them immediately for $934K.

In another example, an NFT belonging to the Bored Ape Yacht Club series was bought for just 0.77 ETH (just $1,800 as of Monday morning). Many other members of the family have sold for around $200K.

The sale of that BAYC member caught the attention of other niche sources of crypto-related news and gossip.

As of 1000ET on Monday, the attacks appear to be ongoing.

This means OpenSea users might want to think twice before listing one of their precious blockchain gifs for sale, lest it be snatched up by a hacker for far less than you paid for it.

One Twitter user created a step-by-step breakdown of how the hacks unfolded:

And Novum Insights has produced an explanation describing how the bug works.

Here's how the bug works:

When users delist an NFT for sale, they are supposed to pay a ‘gas-fee’ to return the token to the owner's wallet. Recently, users discovered that by transferring their NFT to another ETH address, the NFT would seemingly be delisted without paying gas. However, this only removes the NFT listing from the platform’s front-end (the user-interface of the marketplace).

Opportunists were quick to discover that if the NFT in question was ever sent back to the original ETH wallet, it would still be purchasable on Rarible as the delisting gas-fee was never paid on OpenSea. More importantly, the bug causes OpenSea’s contract to scrape the NFT’s original listing price as the current listing price - this is what caused the BAYC NFT mentioned above to be purchased for less than $2,000.

On Saturday (22 January), OpenSea added a new feature that asks users to confirm whether they are sure they want to proceed when a listing is made far below the floor price of a collection. While this does not directly address the bug, it does lower the likelihood of NFTs being sold by mistake.

Unfortunately, even this didn't fix the problem. The world is still waiting to hear from OpenSea about the issue.
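The sequence described above can be modeled to show why a listing that vanishes from the front-end is not the same as a cancelled one, and how an owner could audit for it. This is an added example, not OpenSea's or Novum Insights' code; the `Listing` record, the function names, the wallet labels and the floor value are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Listing:
    token_id: str
    seller: str                       # wallet that created the listing
    price_eth: float                  # price fixed when the listing was created
    cancelled_on_chain: bool = False  # True only once the delisting gas fee is paid

def shown_on_frontend(listing, owner_of):
    """Model of the marketplace UI: a listing is displayed only while the
    seller still holds the token."""
    return (not listing.cancelled_on_chain
            and owner_of.get(listing.token_id) == listing.seller)

def audit_listings(wallet, listings, owner_of, floor_eth, ratio=0.5):
    """Flag every listing by `wallet` that was never cancelled on-chain and is
    priced below ratio * floor. 'dormant' = hidden now, active again if the
    token returns to the wallet; 'live' = purchasable right now."""
    findings = []
    for item in listings:
        if item.seller != wallet or item.cancelled_on_chain:
            continue
        if item.price_eth < ratio * floor_eth:
            held = owner_of.get(item.token_id) == wallet
            findings.append((item.token_id, "live" if held else "dormant", item.price_eth))
    return findings

def replay():
    """Constructed scenario following the sequence in the article."""
    owner_of = {"ape-1": "wallet-A"}
    old = Listing("ape-1", "wallet-A", 0.77)   # old listing, price from the article
    listings, floor = [old], 85.0              # floor value is constructed
    steps = {}
    owner_of["ape-1"] = "wallet-B"             # "free delist": move the token away
    steps["moved"] = (shown_on_frontend(old, owner_of),
                      audit_listings("wallet-A", listings, owner_of, floor))
    owner_of["ape-1"] = "wallet-A"             # token later returns to the lister
    steps["returned"] = (shown_on_frontend(old, owner_of),
                         audit_listings("wallet-A", listings, owner_of, floor))
    old.cancelled_on_chain = True              # proper delisting: gas fee paid
    steps["cancelled"] = (shown_on_frontend(old, owner_of),
                          audit_listings("wallet-A", listings, owner_of, floor))
    return steps

if __name__ == "__main__":
    for name, (shown, findings) in replay().items():
        print(name, "shown:", shown, "findings:", findings)
```

The audit keys on cancellation state rather than on what the front-end displays, so the old listing is reported as dormant while the token sits in the second wallet and as live once it returns.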