In Brief:
- A bug in OpenSea allowed hackers to buy NFTs for much less than their market price.
- After making a purchase, the hackers quickly sold the NFTs, realizing profits of at least $1 million.
- OpenSea launched a new listings manager to fix the problem.
A bug in the largest NFT marketplace, OpenSea, allowed hackers to buy at least $1 million worth of NFTs across multiple wallets for much less than their market value. Reportedly, at least three attackers have been identified, who stole around eight NFTs within the past 12 hours.
Bored Ape Yacht Club NFT #9991, which currently sells for at least $198,000, was bought by hackers for 0.77 ETH ($1,800). Twenty minutes later, the attackers sold the NFT for 84.2 ETH ($196,000), realizing a profit of $194,000. The activity was observed around 7 am yesterday.
One of the attackers, going by the pseudonym “jpegdegenlove”, today spent a total of $133,000 on seven NFTs and quickly sold them for $934,000 in ether. Five hours later, the amount was sent through Tornado Cash, a “mixing” service that is used to hinder blockchain tracing of funds.
Surprisingly, jpegdegenlove seems to have partially compensated two of their victims – sending 13 ETH ($30,000) to Vault327 and 20 ETH ($45,000) to TBALLER.
Another hacker paid $10,600 for a single Mutant Ape Yacht Club NFT before selling it for $34,800 five hours later.
PeckShieldAlert, the real-time alerts bot of leading blockchain security firm PeckShield, also reported in a tweet that OpenSea has a front-end issue and that the attackers gained about 332 Ether.
According to Tom Robinson, chief scientist and co-founder of Elliptic, the bug appears to come from the ability to re-list an NFT at a new price without canceling the previous listing. Those previous listings were then used to purchase NFTs at prices specified at some point in the past, which are often much lower than current market prices.
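The mechanism Robinson describes, turned into an owner-side check, as an added example that is not OpenSea's code: it reports listings that are still fillable although a newer listing exists for the same token, or that are priced far below a reference price. The `Listing` fields, the reference prices, the 50% threshold, the `MAYC#1` token and all sample records are assumptions constructed for illustration; only 0.77 ETH and 84.2 ETH come from the article.

```python
from collections import defaultdict
from dataclasses import dataclass

DAY = 86_400
NOW = 1_700_000_000  # constructed "current time" (unix seconds)

@dataclass(frozen=True)
class Listing:  # hypothetical record shape, not a marketplace API
    listing_id: str
    token: str
    price_eth: float
    created: int
    expires: int
    cancelled: bool = False
    filled: bool = False

def is_fillable(l, now):
    # A listing can still be bought only if nothing has retired it.
    return not l.cancelled and not l.filled and l.expires > now

def stale_listings(listings, now, reference_price, max_discount=0.5):
    """Map listing_id -> reasons the listing should be cancelled."""
    active = defaultdict(list)
    for l in listings:
        if is_fillable(l, now):
            active[l.token].append(l)
    findings = {}
    for token, group in active.items():
        newest = max(group, key=lambda l: l.created)
        ref = reference_price.get(token)
        for l in group:
            reasons = []
            if l is not newest:  # re-listed, but the old offer never went away
                reasons.append("superseded-not-cancelled")
            if ref is not None and l.price_eth < ref * (1 - max_discount):
                reasons.append("below-reference")
            if reasons:
                findings[l.listing_id] = reasons
    return findings

SAMPLE = [  # constructed listings for one wallet
    Listing("old-1", "BAYC#9991", 0.77, NOW - 200 * DAY, NOW + 30 * DAY),
    Listing("old-2", "BAYC#9991", 5.0, NOW - 150 * DAY, NOW - 10 * DAY),  # expired
    Listing("old-3", "BAYC#9991", 20.0, NOW - 90 * DAY, NOW + 30 * DAY, cancelled=True),
    Listing("new-1", "BAYC#9991", 90.0, NOW - DAY, NOW + 30 * DAY),
    Listing("solo-1", "MAYC#1", 15.0, NOW - 2 * DAY, NOW + 5 * DAY),
]
REFERENCE = {"BAYC#9991": 84.2, "MAYC#1": 14.0}  # constructed reference prices

if __name__ == "__main__":
    print(stale_listings(SAMPLE, NOW, REFERENCE))
```

Any listing it reports still needs to be cancelled explicitly; re-listing at a new price does not retire it.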
OpenSea also took measures in reaction to the exploit. Just today, OpenSea announced via tweet that it has launched a new listings manager to fix the problem.
This is not the first time that OpenSea has suffered from a bug. In September, a bug was discovered by the ENS lead developer while making a personal transaction. The bug had destroyed around 42 NFTs worth a minimum of $100,000.
This month, in light of the sudden bug exploits, OpenSea and other NFT platforms introduced the NFT Security Group to prevent such attacks in the future.