Second bug in 24 hours found in the OpenSea platform

By Raffaele Redi

The victims reported a loss of over $1m

The Bored Ape Yacht Club NFT collection was targeted – Photo: Shutterstock

A second bug found in under 24 hours in the OpenSea marketplace has enabled users to buy NFTs worth millions for just a few thousand dollars.

OpenSea, the world’s largest NFT platform, has not confirmed the reports, but victims are already acting to recover their losses.

Once again, the exploiters targeted the Bored Ape Yacht Club NFT collection, with some Apes being purchased for just a few dollars and immediately resold for less than their market value, earning the exploiter hundreds of thousands of dollars.

The bug

As DApp store DappRadar explained, a flaw in the marketplace allowed users to buy certain NFTs at the price at which they had been listed in the past, without the owner realising they were still on sale.

“The bug allowed attackers to purchase at least $1m worth of NFTs across multiple wallets for significantly below market price,” DappRadar said.

“The bug allowed the trader to get their hands on the BAYC NFT, with a floor price of around $220,000 for under $2,000. Of course, the lucky buyer then put the NFT back on sale at ETH84.2, or approximately $200,000. Within minutes the item sold, and the investor pocketed around $197,000 in profit after fees.”

OpenSea Bug Bounty Program

The OpenSea platform recently set up a scheme offering rewards in exchange for reporting vulnerabilities.

Since the launch of the programme in May 2020, the platform has resolved more than 25 such issues.

The bounties range between $500 and $50,000, depending on the severity of the vulnerability and its impact, with the possibility of a higher bounty at the discretion of the OpenSea team.

“Engagement has been tremendous – and since May of 2020, we’ve resolved and paid bounty for more than 25 proven vulnerability reports,” Alex Atallah, co-founder of OpenSea, said.

“Since its launch, OpenSea’s Bug Bounty Program has allowed us to quickly address vulnerabilities, improve our defences and help keep our platform secure alongside our own teams’ efforts.” 

NFTs and scams

According to Chainalysis, cryptocurrency-based crime hit an all-time high in 2021, with illicit addresses receiving $14bn over the course of the year, up from $7.8bn in 2020.

More and more NFTs and cryptos have been targeted by hackers using malicious programs, with cybersecurity firms constantly trying to develop new tools to counter them.

Recently, another NFT collection, the Ozzy Osbourne NFT series, reportedly fell victim to a scam, with thousands of dollars lost by users.

Australian scammer exposed by sugar baby addiction

In some cases, however, there is no need for a big cybersecurity firm to root out bugs or scammers.

One Australian scammer, for example, revealed himself to the authorities because of his addiction to so-called sugar babies (young women who keep wealthy men company in exchange for financial and material support).

According to the Australian media, the scammer bought a luxury apartment in which to meet escorts and organise sex parties.

The young Australian crypto fraudster is thought to have spent most of the proceeds of his $123m Ponzi scheme on his sugar baby addiction. He was given a seven-and-a-half-year prison sentence.
