NFT marketplace bug undervalues tokens, helps exploiter nab $750,000

A bug in the front end of popular nonfungible token (NFT) marketplace OpenSea has reportedly led to an exploit allowing users to buy popular NFTs at their previous listing price.

The bug seems to be prevalent with Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFT collectibles, where the exploiter managed to buy them at their old listing price and then sold them for the current market price. The affected NFTs include BAYC #9991, BAYC #8924, MAYC #4986.

Opensea User Activity Tab Source: OpenSea

A user named jpegdegenlove is suspected of exploiting the current bug and has reportedly profited 332 Ether (ETH) ($754,000). OpenSea didn’t immediately respond to Cointelegraph’s request for comment.

Reported exploiter Ether wallet balance Source: Etherscan

An earlier exploit on Dec, 31 saw a similar scenario, wherein a bug seems to arise from the transfer of assets from the OpenSea wallet to a different wallet without canceling the listing.

Related:  Nifty News: FLUF World and Snoop Dogg fundraise, Adidas and Prada NFTs, WAX gifts 10M NFTs

One Twitter user explained that, when a user lists their collectible for auction on the OpenSea and decides to cancel it for some reason, the marketplace charges a significant fee and the floor price of the collectible also decreases. Users found a way around it and instead of canceling their sale, they transfer their asset to a different wallet which automatically removes the listing from OpenSea, However, the bug keeps the listing active through OpenSea’s API. 

Users can check whether their listing has been removed on Rarible, another NFT marketplace that uses OpenSea’s API. The user claimed that the bug was flagged after the December incident, but the platform didn’t take any measures to address the issue.

NFTs exploded in popularity in 2021 with major brands and celebrities all hopping on the bandwagon, which has attracted an increasing number of scams