On Monday, three attackers bought millions of dollars worth of digital assets on OpenSea, a marketplace for non-fungible tokens (NFTs) at a ridiculously high discount. The problem stemmed from a UI bug in OpenSea’s new Listing Manager, which caused popular NFTs to be sold at prices far below market value.
In an email to CoinDesk, a spokesperson for OpenSea said the issue had nothing to do with the exploited bug, but rather the nature of the blockchain itself. On Tuesday, the NFT marketplace rolled out a revamped new version of the list manager, adding a dashboard to display all of a user’s inactive lists, making it easy for those in need to undo them with one click.
A bug on NFT marketplace OpenSea is currently being exploited to purchase NFTs at well-below market value. One hacker paid $133k for seven NFTs, before quickly selling them on for $934k.https://t.co/E5YYr6CQ0R
— Tom Robinson (@tomrobin) January 24, 2022
Tal Be’ery, CTO of crypto wallet ZenGo, tweeted that the fix is only for new users’ processing on the web app, not the vulnerable contracts themselves. Older users who have relisted their NFTs on OpenSea in the past are still vulnerable to such attacks. But new users cannot relist their NFTs as long as they do not explicitly revoke their previous listings.
An OpenSea spokesperson added: “In addition to refreshing the dashboard, they have been actively contacting and compensating affected customers. As for the question itself, in order to arouse the curiosity and imitation of those with ulterior motives, they did not discuss it further.