OpenSea Faces Front-End Vulnerability, User Makes 347 ETH Exploiting It

article image

Arman Shirinyan

OpenSea faces a front-end vulnerability due to issues with API

Contents

  • Buy high, sell low
  • Rough week for NFTs

The leading blockchain security firm PeckShield has stated that the largest Ethereum NFT marketplace, OpenSea, is currently being exploited due to the vulnerability on the front end of the platform. Reportedly, a user was able to “steal” approximately 347 ETH from the platform.

An hour prior to PeckShield’s announcement, numerous users noticed that it is possible to buy various NFTs from OpenSea by prices previously listed on the Rarible platform.

The exploiter’s address is currently holding 347 Ethereum coins. Transactions in his or her wallet started to appear two hours ago. The first tracked transaction came from the cryptocurrency mixer. Funds received from the coin mixer were most likely used for the exploit.

Buy high, sell low

While the exploit did not require any work with backend or blockchain hacking, a user simply used the inbalance between the two orders on different platforms to gain value by buying a non-fungible for a significantly lower price than listed on OpenSea.

Etherscan Data
Source: Etherscan

The exploiting process was similar to arbitrage trading, where professional speculators use the difference in the asset’s price on two different exchanges to buy on one platform and sell on another at a profit.

But in this case, this would not have been possible without the initial vulnerability in OpenSea’s front-end structure.

Rough week for NFTs

While the NFT industry is still blossoming while another part of the crypto industry is bleeding, users are constantly facing problems tied to the functionality of platforms that are using the technology.

Previously, the NFT community noticed that almost anyone can get a verified Twitter profile picture by “right-clicking” and saving almost any NFT and then minting it as a separate collection on OpenSea without buying the actual piece.

Source: https://u.today/opensea-faces-front-end-vulnerability-user-makes-347-eth-exploiting-it