Saturday, March 30

Vulnerability makes NFT rare to be sold at 99% “discount”


A OpenSea is the largest NFT marketplace in the world, being the platform for the purchase and sale of different successful collections within the sector. However, for some the platform has given a certain headache, and now a vulnerability allowed a hacker attack to “steal” more than BRL 4 million, mainly affecting sales of the collection Bored Ape.

Alerts began through social networks, with profiles warning that apparently, a vulnerability in the OpenSea front-end allowed a hacker to steal about 332 Ethers, about 4.3 million reais.

Soon after, the first reports of how the possible hacker attack works began.

According to some users, a bug in the OpenSea front-end allows attackers to be able to buy collections using old listing values, that is, it is possible to buy NFTs well below the current price of a collection.

User regrets loss

One of the main collections affected by the exploit was the famous Bored Ape, with hackers managing to pay only 1700 dollars in NFTs that usually cost 200 thousand dollars.

One of the owners of an NFT Bored Ape took to Twitter to vent about having “lost” one of his NFTs.

“I just lost an Ape, guys… I’m crying… How did that happen?

TBallerr was a gift from Ape 9991, which because of the OpenSea exploit was sold for just 0.77 Ethereum (about US$ 1,700), almost nothing compared to the minimum price of the collection, which is around 200 thousand dollars.

Exploit

Apparently the exploit works because of a shortcut that some were using on the OpenSea platform. When a user wants to remove an NFT from the listing, they have to pay a fee (sometimes a very high fee).

However, as many do not want to pay this fee, they took another path: They sent the NFT to another address and the listing is automatically removed.

And this is where the problem started: Despite the listings disappearing on OpenSea, the truth is that it is still active through the platform API. And it was precisely through these “ghost listings” that many NFTs were “stolen” from their owners, being bought for much lower values ​​than what they were really worth.

cancel listings

The buyer of the TBaller Ape, identified as jpegdegenlove, also managed to buy the Bored Ape 8924 for 6.66 ETH and the 8274 for just under 23 ETH, around $64K.

The market value of each is at least 86 ETH, around US$ 200,000. That is, he left a great loss for the former owners of the tokens.

At the moment the best thing to do for NFT collectors is to ensure that no NFTs are listed for sale through this exploit. One of the ways to do this is through the website. orders.rarible.com, which uses the OpenSea API and allows you to see if there is any listing of your collections and by what value it is listed.

To completely cancel the listing you will need to pay network fees, but it’s better than losing your collection altogether.





livecoins.com.br