A bug in the largest NFT (non-fungible token) marketplace, OpenSea, allowed attackers to buy at least $1 million worth of tokens across multiple different wallets at a significantly below-market price, the company said. blockchain analysis firm Elliptic this Monday (24).
A non-fungible token is a form of crypto asset, which records the ownership status of digital files on the blockchain, with a certificate of digital authenticity. OpenSea is the biggest marketplace for speculators and enthusiasts to trade NFTs, with $4.8 billion in sales volume through January.
But a market failure allowed users to buy certain NFTs at prices they had been listed for in the past, without the owner realizing they were still for sale.
OpenSea did not immediately respond to a request for comment.
This “appears to come from the fact that it was previously possible to re-list an NFT at a new price without canceling the previous listing,” said Tom Robinson, Elliptic’s chief scientist and co-founder.
“These old listings are now being used to buy NFTs at prices specified in the past — often well below current market prices.”
For example, an NFT of a cartoon monkey from the Bored Ape Yacht Club collection, Bored Ape #9991, was purchased for 0.77 worth of ether cryptocurrency (about R$9,591) this Monday, despite the fact that these NFTs are usually worth hundreds of thousands of dollars.
Bored Ape Yacht Club is a set of 10,000 algorithm-generated monkey cartoon NFTs made by US company Yuga Labs.
About 20 minutes after Bored Ape #9991 was bought for 0.77 ether, the asset sold for 84.2 ether (about R$1.04 million), according to blockchain records seen on OpenSea, giving to the buyer a profit of more than R$ 1.03 million.
The original owner of the NFT reported on Twitter shock over the transaction, which he said he had not authorized.
Robinson of Elliptic said he has identified eight NFTs stolen this way so far, from eight different wallets, by three attacker wallets.
One person paid a total of $133,000 for seven NFTs exploiting the bug, before quickly selling them for $934,000, Robinson said.
He noted that while crypto wallets are often anonymous, attackers can be identified if they use an exchange to withdraw fiat currency.
As celebrities, investors and big brands flock to the NFT market, the OpenSea bug could give some buyers reason to take a break.
OpenSea was founded in 2017 and was recently valued at $13.3 billion in its latest funding round.
Data from Elliptic shows that since 2020, $2 billion has been stolen from decentralized finance (DeFi) users through hacks.
“It’s not common to see exploits across the market. We see individual users being hacked and having their NFTs stolen, for example, through ‘phishing’ attacks, but it’s not common to see something that potentially affects the entire market,” Robinson added. .
.
I have over 8 years of experience in the news industry. I have worked for various news websites and have also written for a few news agencies. I mostly cover healthcare news, but I am also interested in other topics such as politics, business, and entertainment. In my free time, I enjoy writing fiction and spending time with my family and friends.
