On Monday, bug in the world’s largest NFT marketplace OpenSea allowed attackers to purchase at least $1 million worth of NFTs across multiple wallets for significantly below market price, according to blockchain analytics firm Elliptic.
A non-fungible token, or NFT, is a type of blockchain-based cryptocurrency that tracks the ownership status of digital content.
NFTs were sold below market price because of the OpenSea bug
A flaw in the market, however, allowed customers to acquire NFTs at prices that had been advertised prior to their expiration date without the owner knowing.
OpenSea did not immediately respond to a request for comment.
“The exploit appears to come from the fact that it was previously possible to re-list an NFT at a new price, without cancelling the previous listing… Those old listings are now being used to buy NFTs at prices specified in the past – often well below current market prices.”
-Tom Robinson, chief scientist and cofounder at Elliptic.
Despite the fact that such NFTs regularly sell for hundreds of thousands of dollars, an NFT of a cartoon ape from the Bored Ape Yacht club collection, Bored Ape #9991, was bought for 0.77 ether (around $1,747) on Monday.
The US-based company Yuga Labs created the 10,000 algorithmically generated cartoon ape NFTs known as Bored Ape Yacht Club.
It’s only been a few minutes since Bored Ape #9991 was purchased for 0.77 ether, but it has already been sold on for 84.2 ether (around $189,040), according to blockchain records seen on OpenSea, resulting in a profit of more than $187,000 to the buyer.
The initial owner of the NFT, who identified themselves on Twitter as “TBALLER.eth” (@T_BALLER6), posted their outrage at the transaction.
GUYS WHY DID MY APE JUST SELL FOR .77??????
— TBALLER (@T_BALLER6) January 24, 2022
According to Elliptic, at least eight NFTs have been stolen in this way, from eight different wallets, by three attacker wallets.
Before the bug was fixed, one person paid a total of $133,000 for seven NFTs and then sold them for $934,000 shortly afterward.
Robinson added that while crypto wallets are generally anonymous, they may be linked to the attackers if they convert bitcoin into fiat currency on an exchange. The OpenSea bug, on the other hand, may cause some buyers to hesitate when it comes to investing in NFTs.
OpenSea was established in 2017 and raised $13.3 billion in its most recent round of venture capital this year.
Biggest crypto-heists of 2021
Hacks have cost $2 billion from users of decentralized finance (DeFi) since 2020, according to Elliptic data.
“It’s not common to see marketplace-wide exploits. We do see individual users being hacked and having their NFTs stolen, for example through phishing attacks, but it’s not common to see something that affects potentially the entire marketplace.”
-Robinson