en
Back to the list

OpenSea to Roll Out Listing Fix Following UI Bug

source-logo  beincrypto.com  + 1 more 05 February 2022 12:42, UTC

OpenSea is fixing the bug that caused NFT listings to remain on the blockchain, even though users changed the wallets they were in.

NFT marketplace OpenSea is not resting on its laurels. Following the recent exploitation of a user interface issue that saw some users lose vast sums of money, OpenSea will roll out a new system to help users remove old NFT sale offers.

The changes that will be rolled out will ensure that old listings expire. They will allow users to cancel all unfulfilled contracts without incurring high gas fees. Multiple delistings could be executed for very low gas fees. This, and a change that will make signatures clearer to make smart contract terms easier to understand, will be rolled out in the next 14 days. Users will be invited to move their accounts to the newer system.

Wallet workaround didn’t remove NFT from blockchain

Previously, users who wanted to list their NFTs at a newer, higher price didn’t delist them but transferred them into a new wallet and then back to the old wallet. Delisting them would cost tens to hundreds of ETH in gas fees, which listers were unwilling to pay. That’s the reason the wallet workaround was used. Some attackers, of which there were at least five, took the opportunity to “purchase” NFTs at the previously listed prices, which were far below the current price, and resell them at a profit. The wallet workaround removed the listing from OpenSea’s front-end. However, the listing stayed valid on the Ethereum blockchain and could apparently be accessed through an Application Programming Interface (API).

Early postmortem of the attack

OpenSea almost immediately vowed to refund affected users. They have refunded 750 ETH to over 130 wallet items. OpenSea also provided a “listings” tab on user profiles that enables them to see both active and inactive listings.

According to blockchain security firm Elliptic, there were at least five attackers. One of them, “jpegdegenglove,” paid $133,000 for seven NFTs and sold them for $934,000. Their funds were passed through TornadoCash, a tumbler that makes it difficult to trace the origin of funds on the blockchain. It masks the link between the source and destination of a transaction. Jpegdegenlove sent two victims compensations of 20 ETH and 13 ETH.

Another attacker bought a Mutant Ape Yacht Club NFT for $10,600 and sold it later for $34,800. The NFT collections affected by the API exploit were Bored Ape Yacht Club, Mutant Ape Yacht Club, Cool Cats, and Cyberkongz NFTs.

What do you think about this subject? Write to us and tell us!

beincrypto.com

Similar news (1)
Add similar news

Add similar news

Send us a link to a similar news story on another source.

Why do we need it

The citation rate of a news item indicates its importance and significance. The number of mentions in different sources allows you to look at an event from different angles.

Please help us improve the application. If we have published news and you have found a similar one in another source, send us a link to it.