OpenSea Bug Undervalued Tokens And Let Hacker Steal $750,000

A bug discovered in the front end of the popular nonfungible token (NFT) marketplace OpenSea has allegedly resulted in an exploit. In the process, users managed to purchase popular NFTs at their previous listing prices. The NFT marketplace bug was said to be discovered on December 31, showing transferred NFT as listed on the OpenSea platform.

That bug appears to be prevalent with Mutant Ape Yacht Club (MAYC) and Bored Ape Yacht Club (BAYC) NFT collectibles, where the exploiter managed to acquire them at their old listing price and then sold them for the current market price. Most of the affected NFTs include BAYC #9991, BAYC #8924, MAYC #4986.

A user named jpegdegenlove is believed to have exploited the current bug and has allegedly profited 332 Ether worth ($754,000). OpenSea is yet to respond to the matter.

A previous exploit on December 31 saw a similar scenario where a bug appeared to have come from the transfer of assets from the OpenSea wallet to another wallet without canceling the listing.

Another Twitter user said that, when a user lists their collectible for auction on the OpenSea and decides to cancel it for one reason or the other; the OpenSea marketplace charges a considerable fee and the floor price of the collectible also drops.

The users discovered a way around it and instead of canceling the sale, they transfer their asset to a different wallet that automatically eliminates the listing from OpenSea. Nonetheless, the bug keeps that listing active via OpenSea’s API.

Users may check whether their listing has been eliminated on Rarible, which is another NFT marketplace that utilizes OpenSea’s API.

https://twitter.com/cap10bad/status/1476900859460169732

The user alleged that the bug was flagged after the December incident, but the platform never took any measures to address the issue.

NFTs exploded in popularity in 2021 with celebrities and major brands all hopping on the bandwagon that has now attracted a growing number of scams.