Vulnerability makes NFT rare to be sold at 99% “discount”

THE OpenSea is the largest NFT marketplace in the world, being the platform for the purchase and sale of different successful collections within the sector. However, for some the platform has given a certain headache, and now a vulnerability allowed a hacker attack to “steal” more than BRL 4 million, mainly affecting sales of the collection Bored Ape.

Alerts began through social networks, with profiles warning that apparently, a vulnerability in the OpenSea front-end allowed a hacker to steal about 332 Ethers, about 4.3 million reais.

Soon after, the first reports of how the possible hacker attack works began.

According to some users, a bug in the OpenSea front-end allows attackers to be able to buy collections using old listing values, that is, it is possible to buy NFTs well below the current price of a collection.

User regrets loss

One of the main collections affected by the exploit was the famous Bored Ape, with hackers managing to pay only 1700 dollars in NFTs that usually cost 200 thousand dollars.

One of the owners of an NFT Bored Ape took to Twitter to vent about having “lost” one of his NFTs.

“I just lost an Ape, guys… I’m crying… How did that happen?

TBallerr owned Ape 9991, which because of the OpenSea exploit was sold for just 0.77 Ethereum (about US$1,700), next to nothing compared to the minimum price of the collection, which hovers around US$200,000.


Apparently the exploit works because of a shortcut that some were using on the OpenSea platform. When a user wants to remove an NFT from the listing, they have to pay a fee (sometimes a very high fee).

However, as many do not want to pay this fee, they took another path: They sent the NFT to another address and the listing is automatically removed.

And this is where the problem started: Despite the listings disappearing on OpenSea, the truth is that it is still active through the platform API. And it was precisely through these “ghost listings” that many NFTs were “stolen” from their owners, being bought for much lower values ​​than what they were really worth.

cancel listings

TBaller’s Ape buyer, identified as jpegdegenlove, was also able to buy the Bored Ape 8924 for 6.66 ETH and the 8274 for just under 23 ETH, about $64K.

The market value of each is at least 86 ETH, around US$ 200,000. That is, he left a great loss for the former owners of the tokens.

At the moment the best thing to do for NFT collectors is to ensure that no NFTs are listed for sale through this exploit. One of the ways to do this is through the website, which uses the OpenSea API and allows you to see if there is a listing of your collections and by what value they are listed.

To completely cancel the listing you will need to pay network fees, but it’s better than losing your collection altogether.

About Yadunandan Singh

Born in 1992, Yadunandan approaches the world of video games thanks to two sacred monsters like Diablo and above all Sonic, strictly in the Sega Saturn version. Ranging between consoles and PCs, he is particularly fond of platform titles and RPGs, not disdaining all other genres and moving in the constant search for the perfect balance between narration and interactivity.

Check Also

Amazon to close bookstores and other physical stores | Technology

Amazon said on Wednesday it plans to close all 68 brick-and-mortar bookstores, kiosks and toy …