In a Reported OpenSea Exploit, a Hacker Targets Bored Ape NFT Holders, Stealing $750K
According to reports, an attack on OpenSea’s front end enabled the offender to steal around $750K in ETH.
Someone has purportedly discovered a technique to abuse the front-end of OpenSea, the world’s most popular non-fungible token (NFT) marketplace. The assailant is allegedly targeting members of the Bored Ape Yacht Club and their prized apes.
PeckShield alerted the community to an OpenSea front-end vulnerability earlier today, stating that the hacker had already obtained 332 ETH, which is about $750K at the time of this writing.
Another user discovered that the glitch allows users to purchase listings at their previous prices. According to reports, the offender is targeting holders of Bored Ape NFTs, namely members of the Bored Ape Yacht Club. Apparently, a previous exploit with identical qualities existed, allowing for the purchase of assets at steep discounts.
The user notes that if someone listed an NFT for sale on OpenSea and afterwards decided not to keep the listing active, the platform would charge for its removal. This, however, may be expensive, and users discovered a workaround: transferring the NFT to another wallet, thereby cancelling the listing.
While the item may no longer appear among OpenSea’s listings, the listing is still operational through OpenSea’s API. The easiest method to read these archived listings is via Rarible, which displays and fulfils OpenSea listings through the OpenSea API.
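The gap described above, between what the marketplace front end shows and what its API still serves, can be modelled in a few lines. This is an added example, not OpenSea's code or API: the class, field and wallet names are hypothetical, and it assumes the front end hides a listing once its creator no longer holds the token, while the listing record stays active until it is explicitly cancelled.

```python
from dataclasses import dataclass


@dataclass
class Listing:
    token_id: int
    maker: str               # wallet that created the listing
    price_eth: float         # price fixed when the listing was created
    cancelled: bool = False  # True only after an explicit (paid) cancellation


class Marketplace:
    """Toy model with hypothetical names; not OpenSea's real data model."""

    def __init__(self):
        self.owner = {}     # token_id -> current holder
        self.listings = []  # every listing ever created

    def list_for_sale(self, token_id, wallet, price_eth):
        self.owner.setdefault(token_id, wallet)
        if self.owner[token_id] != wallet:
            raise ValueError("only the current holder can list a token")
        self.listings.append(Listing(token_id, wallet, price_eth))

    def transfer(self, token_id, to_wallet):
        # Moving the token changes ownership only; no listing record is touched.
        self.owner[token_id] = to_wallet

    def cancel(self, token_id, wallet):
        for lst in self.listings:
            if lst.token_id == token_id and lst.maker == wallet:
                lst.cancelled = True

    def ui_listings(self):
        # Front-end view: hides listings whose maker no longer holds the token.
        return [lst for lst in self.listings
                if not lst.cancelled and self.owner[lst.token_id] == lst.maker]

    def api_listings(self):
        # API view: everything that was never explicitly cancelled.
        return [lst for lst in self.listings if not lst.cancelled]


def stale_listings(market, wallet, floor_eth):
    """Listings by `wallet` hidden in the UI but still served by the API,
    as (token_id, listed price, discount versus the current floor price)."""
    visible = {id(lst) for lst in market.ui_listings()}
    return [(lst.token_id, lst.price_eth, round(1 - lst.price_eth / floor_eth, 2))
            for lst in market.api_listings()
            if lst.maker == wallet and id(lst) not in visible]
```

In this model an empty `ui_listings()` result says nothing about exposure: only `cancel()` removes a listing from `api_listings()`, so a holder auditing a wallet should review the second view.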