How Opportunists Grabbed More Than $1 Million in NFTs for Mere Thousands

Buyers used an OpenSea loophole to buy digital assets at hidden prices below the market.

The rule of thumb when shopping is to pay higher prices, not the older lower rate, which is the standard. What if you are able to find the older price?

OpenSea is the largest marketplace for non-fungible tokens (NFTs), and savvy opportunists were able to purchase more than $1,000,000 in NFTs at lower prices. This was possible by exploiting a bug that the platform had in its active listing system. Users who had previously listed their NFTs to another wallet were vulnerable to attack.

It allowed its exploiters to purchase NFTs at a lower price than their listed price and then sell them at higher market rates. According to Elliptic (a blockchain analytics company that discovered the anomalous transactions), the bug left NFT owners with thousands of dollars in losses.

Tom Robinson, founder and chief scientist of Elliptic, said that it’s almost like listing something on eBay. If you wanted to raise the price of something, you wouldn’t make a new listing while keeping the existing one. That listing would be replaced. This is the problem: people don’t cancel the original listing.

Robinson stated that sellers who wish to cancel their listing on NFT platforms must send messages over the blockchain. This requires them to pay transaction fees or “gas” fees.

NFT users often have multiple wallets. Robinson believes that some users may have been simply transferring their NFTs from one wallet to another to avoid fees. However, if those NFTs were transferred back to the original wallets then that listing (and its old sale price) becomes valid and can be used for buyers.

Bloomberg was informed by a spokesperson for OpenSea that the platform cannot cancel listings for users. Users must cancel their listings.
This loophole shows how costly mistakes made by crypto’s most wealthy customers can result from poor user experience decisions by the largest platforms. OpenSea stated that it was making interface improvements to “make users aware all their listings”, with more to come.

OpenSea data from Bloomberg News shows that user jpegdegenlove sold at least five NFTs and made at most 340ETH (or $800,000.00 at current prices). He exploited the OpenSea Bug to sell at least five NFTs. Three of these NFTs were from the Bored Ape Yacht Club. Cool Cats, Mutant Ape Yacht Club, and CyberKongz were all affected.

According to OpenSea data, the user behind jpegdegenlove purchased one Bored Ape yacht Club NFT for 0.77 ETH. He then sold it for 84.2 ETH. According to OpenSea data, they also purchased a Cool Cat for 3 ETH through a wallet account called “mario” before selling it for 10.99 ETH.

Bloomberg News reported that the user of the “mario wallet” said that he realized that his NFT was unwittingly sold when people started texting him asking why he had just sold his Cool Cat for only 3ETH, when the average price for the collection was around 12ETH.

According to the user, he has several wallets and had just transferred the NFT back to an account from a few days before. OpenSea showed the correct market price for the NFT. He claimed that he believed that an exploiter had retrieved a six-month-old price through the NFT’s contract.

Elliptic discovered later that jpegdegenlove appeared to have partially compensated some victims of the account.

Robinson, Elliptic’s director of security, said that he believes a lot is being put on the user to understand these systems. “There is a tension between whether the user really has the responsibility or whether marketplaces like OpenSea should share some of it to protect users against these types of exploits.

These exploit victims have no recourse except the goodwill of the crypto community. Carson Turner, Atlanta, discovered that two of his NFTs had been listed online from the Mutant Ape Yacht Club and Bored Ape Yacht Club collections. They were bought for 87 ETH each and 19 ETH respectively, which is the equivalent of $194097 and $42,959. This was considerably lower than the market price of 128 ETH or $285,696 for the first and 37 ETH respectively for the second.

The 38-year old aviation specialist was able to track down the buyers for this listing and purchased back his NFTs at 97 ETH (19 ETH). OpenSea was contacted by him and others took to social media to vent their anger at his losses. The NFT marketplace eventually reimbursed him for his money, and he lost only $700.

Turner stated that his situation was unique because he got his money back. “This seems to be more of an exception than the rule.”

OpenSea spokeswoman told Bloomberg that they have been “actively reaching out to and reimbursed affected users.”


Linking Shareholders and Executives :Share Talk

If anyone reads this article found it useful, helpful? Then please subscribe www.share-talk.com or follow SHARE TALK on our Twitter page for future updates. Terms of Website Use All information is provided on an as-is basis. Where we allow Bloggers to publish articles on our platform please note these are not our opinions or views and we have no affiliation with the companies mentioned
Share Talk
Share via
Copy link
Malcare WordPress Security