OpenSea Bug Allows NFTs to Be Bought at Undervalued Prices

OpenSea Bug Lets Hackers Buy NFTs at Old, Lower Prices

Media outlets have reported that an unknown attacker exploited a vulnerability in the backend of OpenSea, the largest NFT marketplace, to purchase NFTs at outdated, lower prices and then resell them for a profit.

According to blockchain analysts at PeckShield, the hacker has already “earned” at least 332 Ethereum (about $745,000) using this method. Meanwhile, analysts from Elliptic report that the attacker has resold seven NFTs in this way, making around $934,000 in profit.

How the Vulnerability Works

The issue with NFT pricing was first discovered by DeFi Orbs developer Rotem Yakir. He found that users could list NFTs for sale on OpenSea, then cancel the listing, update it, and relist the item at a new price. The problem was that the old listing with the original price could still be accessed through the OpenSea API, even if it was removed from the main site.

On Twitter, Yakir blamed OpenSea’s developers for the bug, saying they allowed some listings to be managed using both on-chain and off-chain settings, which led to certain items being processed incorrectly.
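A seller-side check for the condition described above, as an added example that is not OpenSea's code or API: given one wallet's listing history, it flags older listings that were removed from the site but never cancelled on-chain and that are priced below the current listing. The record fields, the idea of an on-chain cancellation flag, and the sample data are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Listing:
    # Hypothetical record shape; not OpenSea's API schema.
    token_id: str
    price_eth: float
    created_at: int              # Unix seconds
    expires_at: Optional[int]    # None means no expiry
    removed_from_site: bool      # seller replaced or removed it in the UI
    cancelled_on_chain: bool     # assumption: a cancellation recorded on-chain


def stale_fillable(listings: List[Listing], now: int) -> List[Tuple[Listing, Listing]]:
    """Return (old, current) pairs where an old, cheaper listing may still be fillable."""
    current = {}
    for l in listings:
        if l.removed_from_site:
            continue
        best = current.get(l.token_id)
        if best is None or l.created_at > best.created_at:
            current[l.token_id] = l  # newest listing still shown on the site

    findings = []
    for l in listings:
        cur = current.get(l.token_id)
        if cur is None or not l.removed_from_site:
            continue
        expired = l.expires_at is not None and l.expires_at <= now
        if not l.cancelled_on_chain and not expired and l.price_eth < cur.price_eth:
            findings.append((l, cur))
    return findings


# Constructed sample data for one wallet.
NOW = 1_643_000_000
SAMPLE = [
    Listing("token-A", 1.0, NOW - 9_000_000, None, True, False),     # old, only hidden
    Listing("token-A", 80.0, NOW - 100_000, None, False, False),     # current price
    Listing("token-B", 2.0, NOW - 9_000_000, None, True, True),      # properly cancelled
    Listing("token-B", 50.0, NOW - 100_000, None, False, False),
    Listing("token-C", 3.0, NOW - 9_000_000, NOW - 1, True, False),  # already expired
    Listing("token-C", 40.0, NOW - 100_000, None, False, False),
]

if __name__ == "__main__":
    for old, cur in stale_fillable(SAMPLE, NOW):
        print(f"{old.token_id}: old listing at {old.price_eth} ETH still open; current is {cur.price_eth} ETH")
```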

Yakir’s findings were soon confirmed by Tal Be’ery, CTO of the ZenGo crypto wallet. According to Be’ery, the attacker managed to “earn” 100 Ethereum (about $225,000) from just one NFT.

Victims and Community Reaction

One of the victims of this attack is an NFT collector known as TBALLER. He wrote on Twitter that his NFT, Bored Ape #9991, was sold at the low price of 0.77 ETH (about $1,775). Almost immediately, the buyer, using the nickname jpegdegenlove, resold the NFT for 84.2 ETH, or nearly $200,000.

“Yoooo, guys! I don’t know what just happened, but my ape was just sold for 0.77???? I just lost my ape, guys… I’m crying… How could this happen????” wrote a bewildered TBALLER.

OpenSea’s Response and User Recommendations

So far, OpenSea representatives have not commented on the situation, and it is unclear whether the issue has been resolved. In the meantime, Yakir recommends that all OpenSea users who have updated prices in their listings move their NFTs to a new wallet to prevent their items from being sold to hackers at undervalued prices.
