Hacker Exploits OpenSea Flaw And Buys NFTs For Low Prices


OpenSea: One of the most traditional platforms for buying and selling non-fungible tokens (NFTs), OpenSea has a serious vulnerability that allows the acquisition of digital items at previously listed prices – and which were normally lower.

The case became known after different complaints from developer Rotem Yakir and cybersecurity expert Tal Be’ery, who detected suspicious activity when analyzing NFT transactions on the blockchain.

According to reports, the flaw is front-end and is in the OpenSea API, which keeps old price listings for the same NFT relatively accessible. In this way, the criminal is able to purchase a token at the oldest price and resell it for a much higher value, pocketing a high profit in the process.

In the case detailed by Be’ery, an NFT from the popular Bored Ape Yacht Club collection was purchased for “only” 22.9 Ethereum on January 24, but using a price that was listed in June 2021 — when the NFTs were even lower. popular and therefore cheaper.

In less than half an hour, the token was resold for 130 Ethereum. At the time of the transaction, this means a profit of around $225,000, but up to $745,000 could already have been made by criminals who exploited this flaw.

Previously, the same monkey arts NFTs with different colors and accessories have already been the target of a fake image selling scam.

According to The Record website, OpenSea has so far not publicly commented on the case. Holders of NFTs sold on the platform who have already changed the value of their items must change the virtual wallet connected to these tokens to prevent the bug from being used with their collection.