By taking advantage of a technical flaw in the OpenSea platform, the world leader in the purchase and sale of NFT
, a (rather clever) reseller managed to get his hands on several non-fungible tokens, the famous Bored Apes. Listing rules incur colossal costs on the platform, which is why some sellers have overlooked security. A major concern that blockchain experts do not really qualify as a hack, but as a fraudulent purchase.
The Open Sea platform, with a purchase volume of 13 billion dollars, did not wish to comment on these flaws already observed in early December.
A “bug” in the OpenSea platform exploited by the malicious buyer
The galloping growth of the NFT attracts all the covetousness, and it is the famous collection of the Bored Ape Yacht Club which has again paid the price. In total, eight of these virtual primates were bought for a fraction of their price on the night of January 24 and resold at a much higher price by an opportunistic reseller.
NFT owner “TBALLER.eth” tweeted outraged as he saw that his Bored Ape #9991 sold without his consent for 0.77 ETH, a pittance compared to his basic investment. The fraudulent buyer then sold it for over $192,000. The operation was repeated 7 times on three anonymous wallets, totaling almost $1 million in profits.
A loophole in the listing system allowed this stunt, as OpenSea typically charges a large fee when a seller wants to re-list their NFT on the platform. We are talking here of several thousand euros which are used to finance energy expenditure, and most people have no desire to let go of them.
No comments from the platform yet
These transactions are not hacking, and the founder of Eliptic, a blockchain auditing firm, says the incident is just as ” loophole than a platform bug “. The fact remains that many owners of virtual monkeys (or other video game marvels) bear the brunt of the platform’s convoluted rules, without being able to offer them a refund.
Moreover, Open Sea did not wish to comment following these unsolicited transactions, while the flaw was noted on the site at the end of December. NFT flights, and especially Bored Apes, have become a regular on the platform. In early December, 8 such NFTs nearly disappeared, before the transactions were finally frozen by the site.
On the same subject :
A user hijacks 10,000 NFTs to make a work of art denouncing the “right click syndrome”
Source: The Verge
31