OpenSea is fixing bugs that cause NFT lists to remain on the blockchain, even if users change the wallet they are in.
OpenSea, the NFT marketplace, is not content with the status quo. After recent user interface issues that caused some users to lose huge amounts of money, OpenSea is launching a new system to help users remove old NFT sales offers.
The upcoming changes will ensure that old listings expire. They will allow users to cancel all outstanding contracts without incurring high gasoline fees. Multiple downgrades can be performed at very low gas fees. The change, which will make signatures clearer and the terms of smart contracts easier to understand, will be rolled out in the next 14 days. Users will be invited to move their accounts to the newer system.
The wallet solution does not remove NFT from the blockchain
Previously, users who wanted to list NFTs at newer, higher prices would not take them offline, but rather transfer them to a new wallet and then back to the old one. Taking them offline would cost tens to hundreds of ETH in gasoline, something that listers were not willing to pay. This is the reason for using the wallet workaround. Some attackers (at least 5 of them) took the opportunity to "buy" NFTs at a price well below the current price of the previous listing and resell them for a profit. The wallet workaround removed the list from the front end of OpenSea. However, the list is still valid on the ethereum blockchain and can apparently be accessed via the Application Programming Interface (API).
Early autopsy of the attack
OpenSea vowed to refund affected users almost immediately. They have already refunded 750 ETH to more than 130 wallet projects. OpenSea has also provided a "list" tab on user profiles, allowing them to view active and inactive lists.
According to blockchain security firm Elliptic, there were at least five attackers. One of them, "jpegdegenglove," purchased seven NFTs for $133,000 and sold them for $934,000. Their funds were passed through TornadoCash, which is a non-reverse and therefore difficult to trace the origin of the funds on the blockchain. It obscures the link between the source and the target of the transaction. Jpegdegenlove sent 20 ETH and 13 ETH in compensation to the two victims.
Another attacker purchased the Mutant Ape Yacht Club NFT for $10,600 and later sold it for $34,800. The set of NFTs affected by the API exploit are Bored Ape Yacht Club, Mutant Ape Yacht Club, Cool Cats, and Cyberkongz NFT.
What do you think about this topic? Write to us and tell us
All information contained on our website is published in good faith and for general information purposes only. Any action taken by readers with respect to the information on our website is entirely at their own risk.