OpenSea Fixes Vulnerability, But Users Are Still Losing NFTs To Hackers

The OpenSea vulnerability which analysts first got wind of a few days ago appears to have not been fixed. According to new data, OpenSea users are still losing their pieces to hackers. Another eight NFTs have been exploited and sold without the owner’s consent for a huge profit by hackers.

OpenSea exploit continues

Hackers have been exploiting a major bug that allows them to list and sell rare NFTs on OpenSea at below their market value. According to blockchain analytics firm, Elliptic, the vulnerability is originating from the ability to relist an NFT at a new price, without canceling the original listing. The hackers exploited the bug by buying the NFTs at prices for which they were listed in the past.

Multiple users of OpenSea have fallen victim to the attack, and it appears to have not been fixed. Data from the NFT analytics platform, NFTGo.io shows that eight more popular NFTs have been listed and sold with this method. The NFTs involved include Cool Cat #9575, #7218, #3537, #1546, and BAYC #6623, #1397, #775, #2068. OpenSea also appears to have blocked the hackers’ address according to the report. Nonetheless, the hacker has made a profit of close to 150ETH (over $360,000) by selling the loot on LooksRare.

OpenSea has confirmed that the bug indeed exists but has explained that it fell to users to protect themselves against getting exploited. Announcing that they launched a new listing manager, they advised listers to cancel old listings. Meanwhile, total losses to users have now surpassed 347 ETH ($788,991) from PeckShield’s estimate.

What's going on:
Listings made a long time ago are resurfacing when items transfer back into lister’s wallets.

What we did:
We can't cancel these orders for listers, so to fix the problem, we launched a new listings manager today.https://t.co/jy2sUhaBUA pic.twitter.com/6b8lHmkEYN

— OpenSea (@opensea) January 24, 2022

Hacks are still one of the biggest threats in crypto

Hacks have continued to be endemic in the cryptocurrency space. A Chainalysis report estimated that in 2021, scammers stole over around $14 billion mostly due to DeFi hacks. The new year has already seen Crypto.com fall victim to a $30 million hack.

However, the industry is collectively working to bring more security through the education of users. This has been noted to be paying off. As pointed out by the Chainalysis report, crime has been reduced significantly in the industry and now forms only a small part of transactions that blockchains are handling.