OpenSea under attack: hacker takes advantage of error in NFT market and takes more than USD $750,000 – DiarioBitcoin

Texas could raise funds through NFT and harness 'abundant' energy to mine Bitcoin

OpenSea under attack: hacker takes advantage of error in NFT market and takes more than USD $750,000 - DiarioBitcoin For Hannah Perez

A breach in OpenSea allows malicious actors to “buy” NFTs from collectors at discount prices and then resell them. The issue appears to be related to the offer cancellation feature on the platform.

***

According to reports, the main market for tokens non-fungible (NFT), Open Sea, is under a hacking attack that has allowed a malicious actor to mine hundreds of dollars worth of ethereum (ETH).

It seems that an error in the platform is causing anguish to several digital art collectors, who have taken to Twitter this Monday to report the loss of some of their NFTs. Multiple users of Open Sea have reported on the social network that their NFTs have been sold at discount prices, even though they were not for sale in the market.

A collector identified under the pseudonym TBALLER.eth wrote in a tweet that your NFT series Bored Ape Yacht Club had been sold in Open Sea for 0.77 ETH ($1,700) even though it was not for sale. It should be noted that the price is well below current values ​​for a collectible of Bored Ape Yacht Club, whose cost is around 86 ETH, or about $190,000.

Malicious actor takes advantage of the bug to make a fortune in NFT

Amid user complaints, security and analytics company blockchain, PeckShield, confirmed the security flaw and noted that it was possibly related to the user interface of OpenSea.

The report adds that at least one user has taken advantage of the current bug to amass a fortune of 332 ETH, currently valued at around $730,500. Updated Blockchain Data ethereum they suggest that this figure currently stands at 347 ETH, or more than $760,000.

In accordance with CryptoBriefing, the issue could be related to the working of the NFT listing mechanism on the platform. To list an NFT for sale on Open Sea, users must sign an order that allows them to list the item for free. Anyone who wants to buy that NFT can use that signature to complete the transaction at the price set on the chain at any time.

See also  Valkyrie will launch its first ETF linked to Bitcoin mining through NASDAQ tomorrow - DiarioBitcoin

But if they want to cancel the listing, they will need to sign a separate transaction that records the order as invalid on the chain, an action that can incur high fees. As a way to save on network transaction fees, many collectors opt to simply transfer the NFT to an external wallet, or have the NFT removed from the site interface.

However, it appears that this procedure does not cancel the sell order. Because of this, when a collector moves their NFTs back to their original wallet, the list becomes visible or put up for sale on rare, another NFT marketplace that also uses the API of Open Sea. This allows anyone to buy the NFT at the original price, even if the owner did not intend to sell it.

Thus, the bug appears to allow the exploiter to buy the NFTs at old selling prices and then sell them on the market at current trading prices.

OpenSea has not confirmed the attack

At the time of editing, the team behind Open Sea has not made any official announcement about the breach. It seems that the attack has been mainly directed at collectors of successful series such as Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC); however, collectors of other series have also reported losses.

See also  "Cryptocurrencies are very important for the future of finance beyond their price", says CEO of PayPal - DiarioBitcoin

The creator of the NFT project SavePlanetEarth, who identifies himself on Twitter as Hustler, shared a list of some of the NFTs the attacker has stolen so far. In the list you can also see NFTs from collections such as CyberKongz Y cool cats.

Cointelegraph noted that a previous hacking attack saw a similar scenario in late December. At the time, a user reported the bug, although it appears that the platform did not take any action to fix the vulnerability. At this time, the true extent of the damage related to the most recent attack is unknown.


Recommended reading


Sources: Twitter, CryptoBriefing, Cointelegraph, cryptonews,

Article versioned by Hannah Estefanía Pérez / DailyBitcoin

Image edited from Unsplash

WARNING: This is an informative article. DiarioBitcoin is a means of communication, it does not promote, endorse or recommend any investment in particular. It is worth noting that investments in crypto assets are not regulated in some countries. May not be suitable for retail investors as the full amount invested could be lost. Check the laws of your country before investing.

See also  Data shows that Bitcoin inflation is 5 times below that recorded by the US dollar - DiarioBitcoin

Leave a Comment

Your email address will not be published.