Major non-fungible token (NFT) platform OpenSea has denied hack allegations, saying that yesterday’s issue was related to user interface (UI) design.
“This is not an exploit or a bug – it’s an issue that arises because of the nature of the blockchain,” the OpenSea spokesperson told Cryptonews.com.
OpenSea detailed that the issue arises when users create listings for their NFTs and then transfer the listed NFTs to a different wallet without canceling the listing. The platform added that listings do not automatically cancel and also cannot be canceled by OpenSea.
“OpenSea cannot cancel listings on behalf of users. Instead, users must cancel their own listings,” OpenSea said, adding that it is “working on a number of product improvements including a dashboard where they can easily see and cancel listings” to address the problem.
The platform added that,
They “have been actively reaching out to and reimbursing affected users,” and they “have not communicated broadly about this issue because we did not want to risk bringing it to the attention of bad actors who could abuse it at scale before we had mitigations in place.”
OpenSea said that they have taken measures to prevent such incidents from happening again: they have changed the default listing duration from 6 months to 1 month, and have also added a dashboard that shows all inactive listings and gives users an opportunity to cancel each listing with a single click.
What's going on:
Listings made a long time ago are resurfacing when items transfer back into lister’s wallets.What we did:
We can't cancel these orders for listers, so to fix the problem, we launched a new listings manager today.https://t.co/jy2sUhaBUA pic.twitter.com/6b8lHmkEYN— OpenSea (@opensea) January 24, 2022
As reported, on Monday, security and data analytics company PeckShield tweeted that OpenSea seemed to be experiencing “a front-end issue.” Some users also argued that exploiters were able to buy NFTs for old listing prices, below the price floor.
Analytics firm Elliptic reported the issue as a bug yesterday. They estimated that as of January 24, NFTs with a market value of just over USD 1m were purchased by exploiting the bug. The firm said it identified at least three attackers who purchased at least eight NFTs within 12 hours by that point, “for much less” than their market value, including Bored Ape Yacht Club, Mutant Ape Yacht Club, Cool Cats, and Cyberkongz NFTs.
NFT collector Tballer is reportedly one of the affected users. The user saw his Ape selling for ETH 0.77, way below the collection’s floor price. Currently, the Bored Ape Yacht Club floor price is ETH 93. The buyer, who reportedly went by the name “jpegdegenlove,” has since deleted his OpenSea profile.
I just lost an ape guys…. I’m crying…. How did this just happen????😢😢😢😢😢😢😢😢😢😢😢😢😢😢😢
— TBALLER.eth (@T_BALLER6) January 24, 2022
Meanwhile, scammers continue to deceive NFT owners and steal their digital collectibles. Most recently, a user allegedly lost two Mutant Apes and one Clone-X after clicking a fake link.
2/ He contacted my son through discord via buy/sell channel for @RTFKTstudios on discord for his Clone-X and then suggested to use Sudoswap and phished his account via a fake link that looked legit but for a tiny detail (the .id) https://t.co/zFwXrt4L39
— Yat Siu (@ysiu) January 25, 2022
Yat Siu, co-founder and executive chairman of the NFT-focused company Animoca Brands — and the father of the victim — said that the minor’s assets were stored in a cold wallet, adding that “by signing the transaction believing it was real he essentially allowed the cold wallet to be drained of his NFTs (beware the links and double check) the lesson here is to only use services that you are comfortable with and understand.”
Source: Cryptonews