Hackers are taking advantage of a weakness uncovered on the OpenSea nonfungible token marketplace to purchase NFTs at dramatically discounted prices and then flip them.
Since this morning, hackers have stolen more than $1 million worth of NFTs, according to cryptocurrency compliance firm Elliptic. At least three attackers, including Bored Ape Yacht Club, Mutant Ape Yacht Club, Cool Cats, and Cyberkongz, have been discovered as having exploited at least eight NFTs, according to the business.
NFTs are a blockchain-based asset that gives cryptographic proof of digital asset ownership. Bored Ape Yacht Club’s digital artwork is made up of enormous collections of cartoon apes that are subsequently utilized as profile photographs and access to a chat group.
The problem, which was identified at the end of December, allows certain users to remove their NFTs from the marketplace without having to pay delisting fees. The listing would, however, continue to be available on OpenSea’s and Rarible’s application programming interface backends. Cap10bad, the founder of the freshdrops.io NFT project, first discovered this bug.
In a Twitter thread, Rotem Yakir, a developer at the decentralized money business Orbs.com, revealed the vulnerability. People who relisted their NFTs without canceling them and then sold them at a higher price could be acquired at a lesser price using the glitch, according to Yakir.
Elliptic discovered that, as of today, one attacker exploited the problem and paid a total of $133,000 for seven NFTs before swiftly selling them for $934,000.
Despite the fact that the flaw was discovered and published weeks ago, the corporation claims that it has not yet seen any notable exploitation.
Security researcher Tal Be’ery corroborated Elliptic and Yakir’s findings earlier today when he provided data from the Ethereum blockchain suggesting that Bored Ape Yacht Club #8274 was purchased for $50,500 (22.9 ETH) in July and then sold for about $296,000 in August (130 ETH).
On its help website, OpenSea cautions against selling NFTs by stating that moving a listing does not cancel it.