A bug on OpenSea, the non-fungible tokens (NFT) marketplace has allowed a number of attackers to purchase several high value NFTs with a massive discount and then sell them on making huge profits.

The bug was discovered as early as December 31st, 2021, and allowed the attackers to purchase NFTs at older, lower prices. Elliptic, a blockchain analytics firm, said that one attacker who goes by the name of jpegdegenlove “paid a total of $133,000 for seven NFTs before quickly selling them on for $934,000 in Ether. Five hours later, this ether was sent through Tornado Cash, a ‘mixing’ service that is used to prevent blockchain tracing of funds”.

Elliptic estimated the market value of the affected NFTs to be over $1 million, and has also said that Jpegdegenlove has partially reimbursed two of the victims, sending them back a total of $75,000 – however it’s unclear at this moment on how close that amount is to the full amount the victims lost.

Some collectors have been transferring their listed assets to other wallets, taking them off the marketplace while avoiding the delisting fee, but even though the item may appear to be off the OpenSea front end, it is still accessible via OpenSea APIs and Rarible, another NFT marketplace.

One of the assets targeted in the attack was one of the highly valuable Bored Ape Yacht Club (BAYC) assets. It was listed under it’s July 2021 price of just 23 ether, and the attacker was able to purchase at this price and then sell it for 135 ether, making a quick profit of 107 ether ($273,970).

“The thief had a bot to scan the blockchain for pending transactions that had low floor pending and bought them,” said Joe Vargas, an influencer who also runs his own NFT project.

When asked about the bug, an OpenSea Discord admin confirmed that “if you had an open listing that you never cancelled, or didn’t hit its expiration, it still exists.”.

One collector known as TBALLER.eth on Twitter, saw their BAYC sell for 0.77 ether and went onto Twitter to express his shock and disappointment when he realised his NFT had disappeared.

Share via:
LinkedInMessengerRedditTelegramWhatsApp