NFT marketplace bug undervalues tokens, helps exploiter nab $750,000
The NFT marketplace bug was reportedly discovered on Dec. 31, which showed transferred NFTs as listed on OpenSea.
A bug in the front end of popular nonfungible token (NFT) marketplace OpenSea has reportedly led to an exploit allowing users to buy popular NFTs at their previous listing price.
The bug seems to be prevalent with Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFT collectibles, where the exploiter managed to buy them at their old listing price and then sold them for the current market price. The affected NFTs include BAYC #9991, BAYC #8924, MAYC #4986.
A user named jpegdegenlove is suspected of exploiting the current bug and has reportedly profited 332 Ether (ETH) ($754,000). OpenSea didn’t immediately respond to Cointelegraph’s request for comment.
An earlier exploit on Dec, 31 saw a similar scenario, wherein a bug seems to arise from the transfer of assets from the OpenSea wallet to a different wallet without canceling the listing.
Related: Nifty News: FLUF World and Snoop Dogg fundraise, Adidas and Prada NFTs, WAX gifts 10M NFTs
One Twitter user explained that, when a user lists their collectible for auction on the OpenSea and decides to cancel it for some reason, the marketplace charges a significant fee and the floor price of the collectible also decreases. Users found a way around it and instead of canceling their sale, they transfer their asset to a different wallet which automatically removes the listing from OpenSea, However, the bug keeps the listing active through OpenSea’s API.
1/ Recently there’s been an @opensea exploit that has allowed for assets to be purchased at greatly discounted prices, including 3 freshdrops passes, a BAYC https://t.co/8pEgeXkOBo, multiple MAYCs, and more. I did some research this morning and here’s what’s happening -> a
— cap10bad.ΞTH | freshdrops.io (@cap10bad) December 31, 2021
Users can check whether their listing has been removed on Rarible, another NFT marketplace that uses OpenSea’s API. The user claimed that the bug was flagged after the December incident, but the platform didn’t take any measures to address the issue.
NFTs exploded in popularity in 2021 with major brands and celebrities all hopping on the bandwagon, which has attracted an increasing number of scams.