A reported vulnerability on the NFT Marketplace OpenSea means a user may have made profits in the hundreds of Ether. Here’s what you need to know.
Don’t ape this
PeckShield Alert shared the details of a “front-end issue” on OpenSea, one which allegedly let an exploiter earn at least around 332 Ether.
It appears that @opensea has a front-end issue and the exploiter gained about 332 Etherhttps://t.co/35kCB1n7nv
— PeckShieldAlert (@PeckShieldAlert) January 24, 2022
What is even more interesting is that Etherscan flagged the users’ address for unnatural activity.
While the exact technical details of the exploit are unclear, some users have theorized that it might be linked to delisted NFTs being moved from OpenSea to Rarible, possibly to avoid gas fees. Due to differences in the way prices are handled on the two interfaces, an exploiter allegedly bought delisted – but not fully cancelled – NFTs at low prices before selling them for huge profits.
One user was shocked when their NFT sold at a price far below its market value.
GUYS WHY DID MY APE JUST SELL FOR .77??????
— TBALLER.eth (@T_BALLER6) January 24, 2022
Another user referenced by Etherscan provided some tips for other OpenSea traders to keep their NFTs safe. This included properly cancelling de-listed NFTs when moving them between wallets.
Your #NFTs are at risk if you:
➀ Listed them on OpenSea
➁ Transferred them to another wallet without canceling the listing on OpenSea
➂ Sent them back to your original wallet later on
Exactly what @T_BALLER6 did in May 2021. pic.twitter.com/O3PVle1zHq— lut1 (@_lut1) January 24, 2022
When the vulnerability was being discussed as early as December 2021, one Twitter user who raised the issue claimed that OpenSea had not reached out to respond to concerns. While OpenSea recently unveiled a feature to warn users listing NFTs far below the market price, the NFT platform was yet to address the allegations of an exploited vulnerability at press time.
The developments come at a crucial time for the platform as it just announced that its API would be supporting Twitter’s latest NFT profile picture feature. The way in which OpenSea chooses to handle allegations of a vulnerability could set the tone for how new users perceive its services.
Stacking numbers
Analysts have been watching OpenSea’s progress with excitement as the NFT platform’s monthly volumes for January – over $4 billion – have already surpassed December’s stats by a huge margin.
It might seem natural to conclude from this data that Ethereum is seeing a formidable amount of NFT trading activity. However, on OpenSea [Ethereum], only 1,823,499 NFTs were sold in the month of January, at press time. When looking at OpenSea [Polygon], this number was 2,013,233.
As far as LooksRare is concerned – the OpenSea rival that stunned traders worldwide with much higher daily volumes – it’s essential to take note of another metric.
At press time, the number of LooksRare users was 490, compared to OpenSea’s 31,956.
Source: https://ambcrypto.com/as-users-gather-information-about-alleged-vulnerability-exploit-opensea-stays-silent/