OpenSea refunded users over a bug that saw them sell NFTs at artificially low prices.
Bug costing NFT sellers millions
As previously reported, OpenSea users recently fell victim to an exploit that cost them $1.8 million ($2.5 million AUD). Hackers had made use of an internal system bug that allowed them to list valuable NFTs at previously much lower prices. By buying these NFTs at artificially low valuations, the NFTs turned out to be literal “steals” as hackers were able to resell them at much higher values.
OpenSea now reacted to this exploit by refunding 750 ether to over 130 wallets targeted in the exploit. This followed a major backlash over the company’s lack of response to the loophole. OpenSea had initially responded by stating that it was “not an exploit or a bug.” Instead, the company explained it as “an issue that arises because of the nature of the blockchain.OpenSea cannot cancel listings on behalf of users. Instead, users must cancel their own listings.”
Attackers may have already been found
Security researchers from Elliptic, a blockchain company, have already identified at least three hackers that purchased the underpriced high-value NFTs from some of the most valuable collections like Bored Ape Yacht Club, its sister project Mutant Ape Yacht Club, and Cool Cats. “jpegdegenlove,” as one of the hackers was called, paid about $180,000 AUD for seven NFTs but was able to sell them for almost $1.4 million AUD.
OpenSea has since responded by introducing a “Listings” tab to users’ interfaces, enabling them to monitor active and inactive NFT listings.
Will NFT exploits soar with the market value?
Crypto security exploits are part and parcel of the space. Some protocols like Cream Finance even have the dubious honour of being hacked more than once. Although crypto traders should by now be well aware of the crypto scams they need to look out for, NFT hacks are still comparably rare. Traders, however, may be asking themselves if that is about to change with the rising popularity of NFT projects.
With the NFT market picking up significantly in January, cybercriminals will go where the money is. Especially with many companies like Adidas, Nike, and Prada entering the space, NFTs are likely to generate a lot of interest from retail traders, who, unfortunately, do not always follow security best-practices. Compared to rare real-world art, NFTs are pretty “easy” to steal, as sometimes not even companies like Opensea are fully aware of the loopholes they leave.
Like regular crypto accounts, NFT traders should follow some basic rules to keep their NFTs safe. Cold storage in hardware wallets is a must for valuable projects like BAYC, but traders should also look to have a separate wallet for their NFTs, different from their “standard” crypto wallet. However, it will also be up to companies and projects in the NFT space to hold up their end of the deal at the end of the day. More competition for sites like Opensea is likely a good first step towards forcing incumbents to up their security game.
