An attack purportedly discovered in the front end of prominent nonfungible token (NFT) marketplace OpenSea, allowing users to acquire popular NFTs at their prior listing price.
The exploiter appears to have purchased NFT items from the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) at their previous listed price and then sold them for the current market price. BAYC #9991, BAYC #8924, and MAYC #4986 are among the NFTs that are affected.
A person named jpegdegenlove suspected of profiting $332 Ether (ETH) ($754,000) by exploiting the present issue.
A flaw seems to occur from the transfer of assets from the OpenSea wallet to a separate wallet without the listing facing cancellation in a previous exploit on Dec. 31.
When a user posts a collection for auction on the OpenSea and then decides to cancel it, the marketplace levies a significant fee. And the object’s floor price drops as well. Users discovered a workaround. Instead of cancelling their sale, they transfer their asset to another wallet, which removes the listing on OpenSea immediately. However, due to a problem in OpenSea’s API, the listing remains active.
Users can see if their listing on Rarible, another NFT marketplace that uses OpenSea’s API, removed. The defect allegedly flagged following the December occurrence. But the platform did nothing to resolve the problem, according to the user.
In 2021, NFTs grew in prominence, with large businesses and celebrities jumping on board, attracting an increasing number of scams.