OpenSea Reimbursing The Affected User of Recent Exploit and Implementing New Measures to Keep the Issue in Check
Evening
Non-fungible tokens (NFT) marketplace OpenSea is reimbursing users affected by a loophole that allowed people to buy NFTs at price way below their true price.
Apparently the bug/loophole was there for weeks as it was reported by a user in tweet on January 1st, 2022. But the serious exploitation of the flaw took place two days ago as 8 NFTs valuing about $1 million were bought at fraction of the cost.
One user tweeted that his NFT was bought at 0.77 Eth($1800) without any listing and than quickly resold by exploiter at 84.2 ETH ($192,400). This yielded the exploiter a profit in excess of $190,000.
Another exploiter going by the name bought seven NFTs for $133,000 and quickly sold them $934,000. Later on the profits were laundered using Tornado Cash to avoid traceability.
The exploits were basically due to ability to relist NFTs for sale without cancelling the previous listing. This creates a mismatch between information available on NFT smart contract and information shown by OpenSea interface. So if even user canceled their latest listing on OpenSea interface, old listings were still active on blockchain(not displayed by OpenSea), which exploiters took advantage of.
OpenSea users sells their NFTs on platform by using a list price. If the buyer pays the listing price the NFT is transferred to their account. The users also revise their NFT listing prices from time to time, but this whole relisting may cost hundreds of dollars in gas fees. So to avoid paying the heavy gas fee user found a way around , i.e. transferring listed NFTs to some other wallets and retransferring it back which removes the listing on OpenSea. This process removed the listing on OpenSea interface frond end but the original listing remained active on blockchain which exploiters have used to purchase NFTs too cheaply.
OpenSea declared this an issue inherent to the blockchain and said they cannot cancel previous listings on user's behalf, as user will have to cancel previous active listings themselves.
To handle the UI interface flaw OpenSea have introduced a new listing manager that displays user's all previous active on chain listings that can cancel in one click.
OpenSea will also deploy two new feature soon, first notifying the user transferring NFTs with active listing out of their wallet and second is emailing the user if they transfer NFT to other wallet with active listing.
Meanwhile, OpenSea have been reaching out to affected user to reimburse them and they have been doing it quietly to avoid attracting attention of more bad actors.
Posted Using LeoFinance Beta
This post has been manually curated by @bhattg from Indiaunited community. Join us on our Discord Server.
Do you know that you can earn a passive income by delegating your Leo power to @india-leo account? We share 100 % of the curation rewards with the delegators.
Please contribute to the community by upvoting this comment and posts made by @indiaunited.