A glitch in OpenSea’s user interface allowed hackers to resell NFTs of at least 14 accounts without owners’ consent, but OpenSea refuses to talk about a bug

A massive number of high-value NFTs, including many tokens from the “Bored Ape Yacht Club” collection, have been defrauded from their owners in the past month – further bolstering the arguments of those put off by this technology. The thieves reportedly discovered a “trick” on the OpenSea Marketplace that allowed them to buy NFTs at well below their real price and resell them with “windfall” profits. OpenSea said it was trying to refund users, but many of them seem to be exasperated by the platform’s repeated problems.

The uproar reportedly began about two weeks ago when an OpenSea Marketplace UI pattern allowed savvy opportunists to snatch non-fungible tokens (NFTs) from their owners at a price well below the value of the market. market and resell them with big profits. According to investigators, at least three attackers exploited the method, seizing more than a million dollars on Monday January 24th. One of the alleged opportunists purchased a Mutant Ape Yacht Club (MAYC) NFT for $10,600 ether, reselling it a few hours later for $34,800 ether.

MAYC is a derivative of BAYC (Bored Ape Yacht Club), a collection of 10,000 monkey avatars that individually serve as tickets to an online social club. It is one of the hottest brands in the NFT space. And today, BAYC NFTs have generated over $1 billion in total sales. For example, rapper Eminem spent $462,000 to buy a monkey that looks like him. Critics called the BAYC project “cynical”, accusing it of being more of a showcase of wealth than an art. The current minimum cost of a BAYC NFT is around 70 ether, or around $183,194.

Most of the victims of this theft appear to have been BAYC and MAYC collection token holders. Another user, who goes by the name “jpegdegenlove” online, paid around $133,000 for seven NFTs, before reselling the digital collectibles on OpenSea for $934,000 in ether. In addition, OpenSea investigations and a list published by an affected user group indicate that there have been at least 14 cases of NFT BAYC and MAYC reselling. The list lists the addresses of users’ wallets with the lists associated with collectible cryptocurrencies.

Later, OpenSea said in a statement that the company has “actively contacted and refunded affected users”, and is taking the matter “incredibly seriously”. However, he did not specify the exact amount that was returned to users. The company said it was keeping a low profile on the matter to avoid warning “bad actors who could abuse it on a large scale”. On Monday, an OpenSea spokesperson said 130 wallets, totaling 750 ether or around $2 million, were redeemed. Robert Garca, a victim, said OpenSea refunded him 13.8 ether, or about $36,395.

She added that it allowed her to buy a digital collectible that was “even better than the one he originally lost”. Losing my Ape was a better blessing in disguise! It really showed the impact of the NFT community when they come together for a cause. When I lost him, I felt alone and didn’t know what to do. All it took was one tweet for thousands of people from the NFT community to come to my aid,” Garca said. Another victim of the incident, who calls himself Jacob, said his 62-year-old father Ron lost his NFT on January 29.

My family and I are devastated by what happened and by the total disregard for user safety displayed by OpenSea. We are still eagerly awaiting a resolution to this issue,” Jacob said. This situation is another example of NFT theft – and an addition to the long list of cryptocurrency scams. Of course, this is part and parcel of running a digital and decentralized financial system, where people want to escape the regulatory bodies that can prevent such things from happening. Others were angry with OpenSea.

Some victims adorned their avatars with “BrokenSea” and “Lost Ape” shirts. Sources familiar with the matter report that there is talk of potential legal action against OpenSea. OpenSea drowned us and we lost everything. The price of monkeys is increasing every day, which makes us more concerned and worried that we can’t buy them back,” said an affected user, who goes by the name “@bored_belle” on Twitter. He added that he hopes things will get back to normal soon. According to investigators, the incident is due to a problem in the way OpenSea handles the registration of NFTs.

The feat appears to come from the ability to re-list an NFT at a new price, without undoing the previous listing. These previous listings are now used to buy NFTs at prices specified at some point in the past, which are often well below current market prices, said blockchain analytics firm Elliptic. But OpenSea said this is not an exploit or a bug, but rather a UI issue that occurs when a user creates a list and then transfers the NFT to a different wallet. to avoid gas charges if a list is rejected.

This is not really different from a bug, however. According to Jenna Pilgrim, CEO of blockchain company Streambed, the fact that a user was able to buy NFTs at past prices and resell them without any form of verification highlights the problem of centralization of NFTs in their current state. OpenSea does a great job of creating a solid user interface, but unfortunately does so at the expense of security, she added. OpenSea announced last week that – in addition to reimbursing users – the platform would be working on improvements to mitigate similar risks.

Potential solutions include a new dashboard for its marketplace and changing the default signup term from six months to one month. It is very difficult to use this platform safely at present. The only thing we can do is mitigate the risk,” Charles Guillemet, CTO of hardware wallet developer Ledger, tweeted on Monday.

And you?

What is your opinion on the subject?
What do you think of repeat thefts in the NFT universe?

See as well

All My Monkeys Gone: Thieves Rob Gallery Owner’s Multi-Million Dollar NFT Collection, Suspected of Phishing Attack

Hackers Steal Content From Crypto Wallets By Sending Free NFTs To Users Of OpenSea, The World’s Largest NFT Marketplace

It’s hard for the average person to fathom how useless NFTs are, according to Holden Shearer, a video game designer

Thailand bans meme-based cryptocurrencies and NFTs: No clear purpose or underlying value, says the country’s Securities and Exchange Commission (SEC)

Leave a Reply

Your email address will not be published.