A front-end exploit on OpenSea allowed bad actors to make 332 ETH by allegedly buying non-fungible tokens (NFTs) at greatly discounted prices, PeckShield Alert reported.
According to a user @cap10bad, the bug was accessible through OpenSea's API.
The logic behind the attack was as follows:
- An OpenSea user lists an NFT for sale;
- This user then decides not to sell the token;
- OpenSea charges for delisting, which is why many users just transfer NFTs to another wallet;
- Despite the transfer, the NFT remains on the list for sale with the old price through OpenSea's API.
On January 22, OpenSea revealed a new feature that helps users avoid "costly mistakes."
However, analysts at PeckShield believe the issue has not yet been resolved as the total number of stolen funds keeps growing up.
Meanwhile, Meta is reportedly also working on its own marketplace for NFTs.
According to reports, the social media network wants to allow users to mint, store and sell NFTs through its own marketplace. The new feature will also provide an option of displaying their digital collectibles on their profiles.