OpenSea Reportedly Suffers Front-end Attack; Hacker Gains $800k

OpenSea NFT hack

The world’s largest marketplace for trading non-fungible tokens (NFTs), OpenSea has reportedly suffered a front-end attack resulting in the loss of 332 ETH ($800k). The attack was first noted by blockchain security firm PeckShield and was initiated within four hours of press time.

Blockchain data reveals that the wallet used to execute the attack received 10 ETH from an anonymous wallet service, TornadoCash. Next, the received ETH was wrapped to wETH to be used for the attack on OpenSea which netted the hacker 332 ETH.

The attacker gained unauthorized access to NFTs belonging to the Mutant Ape Yacht Club, Bored Ape Yacht club, and Cool Cats collections. The NFTs were immediately sold to net profits for the hackers, with the funds still held in the wallet address at the time of writing.

Many users on Twitter have confirmed losing their NFTs to the OpenSea front-end breach, including user TBaller.eth whose Bored Ape Yacht club NFT sold for just 0.77 ETH, significantly lower than the 86 ETH floor price.

OpenSea revealed in a subsequent announcement that it was already aware of the UI bug. “Listings made a long time ago are resurfacing when items are transferred back into lister’s wallets,” OpenSea said. The bug resulted in assets being sold for prices that the owner had listed them for in the past, even though the buyer had stipulated new prices for their NFTs.

OpenSea has released a “new listings manager” to resolve the vulnerability and is also reportedly reaching out to affected users to reimburse the stolen funds.

Your crypto deserves the best security. Get a Ledger hardware wallet for just $79!

Market Analysis
Liked Reading? Share with Friends