On Thursday, NFT marketplace OpenSea shared that it reimbursed users $1.8 million after a feature on the platform was exploited to cause some of the platform’s most sophisticated customers to unknowingly sell their most valuable NFTs far below market value.
What happened?
Earlier this week, OpenSea discovered that hackers had exploited an internal system bug to “steal” more than $1 million worth of NFTs from the platform’s most sophisticated customers.
According to data provided by OpenSea, it refunded a total of 750 Ether to over 130 wallet items, coming after major backlash that it had failed to properly address the user interface feature allowing unknown third parties to buy over $1 million worth of NFTs on discount. The feature that enabled unknown opportunists to take advantage of this loophole, affected users who had transferred their previously listed NFTs to other wallets without cancelling the old listings.
Originally reported by blockchain security firm, Elliptic, the company said hackers exploited the bug to exploit this ability to buy previously listed NFTs extremely cheap at their previously listed prices, so that they in turn could sell at much higher market rates.
However, OpenSea responded stating that this was “not an exploit or a bug” but rather “…an issue that arises because of the nature of the blockchain. OpenSea cannot cancel listings on behalf of users. Instead, users must cancel their own listings,” according to ZDNet.
Now what?
Elliptic security researchers were able to identify at least three attackers who purchased at least eight NFTs for “significantly less” than their market value – specifically assets from several of the industry’s most reputable collections, including Bored Ape Yacht Club (BAYC), Cool Cats, and Mutant Ape Yacht Club.
One of the attackers identified, who went by the pseudonym ‘jpegdegenlove’ allegedly paid $133,000 for seven NFTs and subsequently sold them on the platform for $934,000 – a seven times increase in less than one day.
Since the issue was first reported earlier this week, OpenSea has announced via Twitter that it has added a “Lists” tab to users’ profiles that allows them to view active and inactive lists of their NFT items. .
The company also announced a $300 million Series C funding round earlier this month, which raises the company’s overall valuation to at least $13.3 billion, making incidents like this not only expensive – but detrimental to the company’s future longevity, security, and success.
