The sellers mistakenly posted two offers on the blockchain with different prices and the hackers have obtained the NFTs for the lower price.
At the same time that the popularity of the blockchain market is growing, attacks on cryptocurrency platforms and NFTs are increasing. Just four days ago, Crypto.com lost 30 million in bitcoins and ethereum, now it is OpenSea that faces the theft of NFTs due to a failure in its own buying and selling operation.
Calling it theft, in this case, is subjective, as the hackers have paid for the images, only for a much lower price than the owners were asking for. A bug in the platform and a user error has led to a considerable reduction in the sale of the works, causing their owners to lose a lot of money.
Some NFTs have been sold for hundreds of thousands of dollars less than what was actually asked for them, the losses would exceed one million. The bug was discovered at the end of 2021 and several tweets have led some to take advantage of this gap in the operation. The question is whether it can be considered a security flaw or an error by users.
OpenSea users sell their NFTs through this website by setting a price on the page, which is shown to potential buyers. As blockchain technology works, when a buyer accepts the price, the work is immediately transferred , creating a smart contract.
IMPORTANT THREAD!
please RT to spread the word.there’s an OpenSea bug (shocking, i know) in their contract that allows people to exploit old listings and buy NFTs right from under you. here’s a story of what happened today & how you can make sure it doesn’t happen to you:
1/
— gino.eth 💽 (@GinoTheGhost) January 13, 2022
However, to raise or lower the price of a blockchain-certified image, it is not enough to change the cost on the OpenSea website . It is necessary to carry out a process to also modify it in the block chain and cancel the first offer, a procedure that supposes a “gasoline fee” for the seller, as it is usually called.
This fee can cost a user hundreds of dollars, which is why many are reluctant to do so and look for an alternative route. Some users resorted to transferring the NFT to another crypto wallet and then returning it to its original position with the price change. What they had not counted on is that this trick kept an entry with the previous price in the block chain , and another with the current price.
Losing money
Through the OpenSea API, some hackers have found access to these outdated offers and have been able to automatically buy the NFTs for their original price, much lower than what they indicated at the time. Owners have no option to decline the purchase, as this technology works.
The work “Bored Ape Yacht Club #9991”, one of the monkeys that is becoming the representative of this new market, was bought using this scheme for 0.77 ETH ($1,760) and quickly resold for 84.2 ETH ($192,400), using this tactic netted the cybercriminal $190,000 that was meant to go to the original owner.
The Verge points out that OpenSea is not giving much information about the bug and if it considers it a security problem on its website or an error by the users themselves. Although at the moment there would only be three cases, from CoinDesk it assures that the value of the stolen exceeds one million dollars .