Elizabeth Howcroft
London (Reuters) – A bug in OpenSea, the largest NFT marketplace, allowed attackers to buy at least $ 1 million worth of NFTs in multiple different wallets at prices well below market prices, blocking. Chain analysis firm Elliptic said on Monday.
Non-fungible tokens (NFTs) are a form of crypto assets that record the ownership status of digital files on the blockchain. OpenSea is the largest market for speculators and enthusiasts to trade NFTs, with January sales of $ 4.8 billion.
However, market flaws allowed users to buy certain NFTs at previously listed prices without realizing that the owner was still on sale.
OpenSea did not immediately respond to the request for comment.
Tom Robinson, Elliptic’s Chief Scientist and Co-Founder, said:
“These old lists are currently used to buy NFTs at previously specified prices. Often well below the current market price.”
For example, Bored Ape # 9991, a cartoon APE NFT from the Bored Ape Yacht Club collection, was purchased Monday for 0.77 (about $ 1,747) in the cryptocurrency Ethereum, but such NFTs usually get hundreds of thousands of dollars. To do.
Bored Ape Yacht Club is a set of cartoon apes NFTs generated by 10,000 algorithms created by the US-based company Yuga Labs.
According to blockchain records seen at OpenSea, about 20 minutes after Bored Ape # 9991 was purchased for 0.77 ether, it sold for 84.2 ether (about $ 189,040), bringing profits of over $ 187,000 to buyers. I did.
The original owner of an NFT, who calls himself “TBALLER.eth” (@ T_BALLER6) on Twitter, tweeted a shock to the deal.
“Hey everyone! Idk What happened, why did my ape sell for .77 ?????”
“I didn’t list apes at all … Now I’m looking at the DM it sold at .77 ?????? Wtf ??????”
Robinson of Elliptic said he has identified eight NFTs stolen in this way by three attacker wallets from eight different wallets so far.
According to Robinson, one person abused the bug to pay a total of $ 133,000 to seven NFTs and soon sold them for $ 934,000.
He said cryptocurrency wallets are usually anonymous, but if an attacker uses an exchange to monetize into fiat currency, the attacker could be identified.
Why some buyers are suspended due to a bug in OpenSea as celebrities, investors and top brands flock to the NFT market and the sales volume and price of popular NFTs are growing tremendously. May occur.
OpenSea was founded in 2017 and was worth $ 13.3 billion in recent venture funding.
Oval data show that since 2020, $ 2 billion has been stolen from users of decentralized finance (DeFi) through hacking.
“It’s not common to see market-wide exploits. It’s true that individual users are hacked and NFTs are stolen, such as by phishing attacks, but we see things that can affect the entire market. I rarely do that, “added Robinson.
(Report by Elizabeth Howcroft, edited by Andrea Rich)
