Attackers Exploit OpenSea Loophole to Snatch and Resell Rare NFTs

One attacker paid roughly $133,000 for seven NFTs before quickly flipping them for $934,000 worth of ether

by Morgan Chittum /
article-image

Blockworks exclusive art by Axel Rangel

share

key takeaways

  • Coding bug enabled attackers to buy NFTs at previous sale prices and flip them for substantial profit
  • At least three attackers exploited users, according to blockchain analytics firm Elliptic

A bug in the OpenSea NFT marketplace has enabled hackers to snatch up rare NFTs from owners for far below market value and resell them for hefty profits. 

At least three attackers exploited a bug on the marketplace, making away with over $1 million as of Monday, according to blockchain analytics firm Elliptic. One of the alleged opportunists bought a Mutant Ape Yacht Club NFT for $10,600 worth of ether, selling it hours later for $34,800 worth of ether.

“The exploit appears to originate from the ability to re-list an NFT at a new price, without canceling the previous listing,” Elliptic said in a report. “Those previous listings are now being used to purchase NFTs at prices specified at some point in the past — which is often well below current market prices.”

One attacker, who goes by “jpegdegenlove” online, paid roughly $133,000 for seven NFTs before quickly flipping them on the platform for $934,000 worth of ether. 

Suspicious activity picked up over the past day but the bug has been present for weeks and was flagged in a Jan. 1 tweet. The marketplace was exploited over eight times in a roughly eight-hour-span on Monday morning. A wallet address associated with multiple purchases has made a total profit of $878,288 worth of ether from the exploit, according to blockchain analytics provider Nansen

“The fact that a user could buy at previous prices and flip NFTs without any form of verification points to the centralization issue in NFTs as they stand right now,” Jenna Pilgrim, CEO of blockchain media licensing startup Streambed, told Blockworks.

“OpenSea does a great job at creating a solid user interface, but unfortunately does so at the cost of security,” she added. 

In a turn of events, “jpegdegenlove” later compensated two of their victims, transferring them a combined total of $75,000 worth of ether, according to Elliptic. 

Charles Guillemet, CTO of hardware wallet developer Ledger, said that it is currently not safe for NFT holders to have their assets listed on OpenSea. “It’s very difficult to use this platform securely right now,” he said on a Twitter space Monday. “The only thing we can do is to mitigate the risk.”

OpenSea has yet to publicly address the exploit and did not immediately respond to Blockworks’ request for comment on the matter.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Permissionless III Hackathon

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

learn more

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

learn more

recent research

Research Report Templates (1).png

Research

Why Solana Mobile Should 100x Their Phone Production

Solana Mobile is a highly ambitious foray into the mobile consumer hardware market, seeking to open up a crypto-native distribution channel for mobile-first applications. The market for Solana Mobile devices has demonstrated a phenomenon whereby external market actors (e.g. Solana-native projects) continuously underwrite subsidies to Mobile consumers. The value of these subsidies, coming in the form of airdrops, trial programs, and exclusive NFT mints, have consistently covered the cost of the phone and generated positive returns for consumers. Given this trend in subsidies, the unit economics in the market for Mobile devices, and the initial growth rate and trajectory of sales, it should be expected that Solana mobile can clear 1M to 10M units over the coming years. As more devices circulate amongst users, Solana Mobile presents a promising venue for the emergence of killer-applications uniquely enabled by this mobile-first, crypto-native distribution channel.

by Luke Leasure

/

news

article-image

Markets

Gox Watch: Repayments now 39% complete with $5.4B left to go

Mt. Gox has made decent headway with repayments, but they could ramp up from here

by David Canellis /
article-image

Business

Ledger doubles down with second touchscreen-focused product

Firm known for crypto hardware wallets set to bring another touchscreen option to consumers

by Ben Strack /
article-image

Analysis

Empire Newsletter: Crypto’s next wave of smart money

Plus, BlackRock’s BUIDL is paying out steady yield — and those dividends are growing

by Katherine Ross&David Canellis /
article-image

DeFi

Jito unveils code for Solana restaking network

Solana’s biggest liquid staking provider takes a meaningful step towards restaking

by Jack Kubinec /
article-image

DeFi

Blast incentives aim to attract strong devs, as value leaks

BLAST token skids as Season 2 points plan earns mixed reviews

by Macauley Peterson /
article-image

Analysis

On the Margin Newsletter: Behind the most important economic paper of the year

Plus, a look at the top asset-gathering ETH ETFs after two days of trading

by Felix Jauvin&Ben Strack&Casey Wagner /