NFT marketplace OpenSea is communicating with and compensating people who accrued loss due to a bug that enables users to buy NFTs for much lesser than their actual cost and resell it for a handsome amount, said ZDNet.
Scammers seem to be exploiting a loophole with OpenSea to buy NFTs at a price much lower than its current listing, in some cases the original owners taking losses of over hundreds and thousands of dollars. Motherboard reported this incident first.
Blockchain security company Elliptic and several Twitter users came up to speak about it on Monday.
“It’s a subjective thing whether you consider this to be a loophole or a bug, but the fact is that people are being forced into sales at a price they wouldn’t otherwise have accepted right now,” The Verge quoted Tom Robinson, chief scientist and co-found of Elliptic as saying.
Elliptic said on Monday, “Since this morning, NFTs with a market value of just over $1 million have been purchased in this way.”
“Elliptic has identified at least three attackers who have purchased at least eight NFTs for much less than their market value, within the past 12 hours. These include Bored Ape Yacht Club, Mutant Ape Yacht Club, Cool Cats and Cyberkongz NFTs,” it added.
“One attacker, going by the pseudonym “jpegdegenlove” today paid a total of $133,000 for seven NFTs – before quickly selling them on for $934,000 in ether. Five hours later this ether was sent through Tornado Cash, a “mixing” service that is used to prevent blockchain tracing of funds. Jpegdegenlove also seems to have partially compensated two of their victims - sending 20 ETH ($45,000) to TBALLER and 13 ETH ($30,000) to Vault327. Another attacker purchased a single Mutant Ape Yacht Club NFT for $10,600, before selling it on five hours later for $34,800,” elucidated Elliptic.
“The exploit appears to originate from the ability to re-list an NFT at a new price, without cancelling the previous listing. Those previous listings are now being used to purchase NFTs at prices specified at some point in the past - which is often well below current market prices,” it said.
OpenSea has been trying to figure out solutions for the issue since it was identified, an OpenSea spokesperson said ZDNet.
“Since this issue was identified, we’ve taken it incredibly seriously and worked to ship product solutions for the community. This is not an exploit or a bug – it’s an issue that arises because of the nature of the blockchain. OpenSea cannot cancel listings on behalf of users. Instead, users must cancel their own listings,” ZDNet quoted the spokesperson as saying.
“It’s OpenSea’s priority to make users aware of all their listings, and we’re working on a number of product improvements to address this, including a dashboard where they can easily see and cancel listings. In addition, we have been actively reaching out to and reimbursing affected users. We have not communicated broadly about this issue because we did not want to risk bringing it to the attention of bad actors who could abuse it at scale before we had mitigations in place,” it spokesperson added.
According to ZDNet, it could not confirm “whether users can be reimbursed”.