Be careful if you have inactive OpenSea listings, and read how to prevent loses
Leading secondary NFT marketplace OpenSea has had a bit of a stormy week as fraudsters found a loophole that allowed them to buy NFTs much below floor value or listing price. Unfortunately, to prevent such fraudulent activity, OpenSea has managed to make things worse for its users.
While this bug was revealed early this week, OpenSea reacted just today. Worryingly, it seems the marketplace overlooked the importance of explaining the situation in detail, leading to further confusion and losses for users. Today, an email targeted at inactive listings was sent out, explaining that they should immediately cancel inactive listings for their NFTs to prevent losses.
Unfortunately, the email did not consider the fact that there might be more than one inactive listing for an NFT. In a detailed thread, user swolfchan.eth explained how to prevent losses on an old MAYC listing, following OpenSea’s advice, they lost more.
Earlier this week, DappRadar reported that malicious actors had exploited an OpenSea vulnerability allowing them to purchase expensive NFTs cheaply. In short, a flaw in the marketplace allowed users to buy certain NFTs at prices they had been listed for in the past, without the owner realizing that they were still on sale. Moreover, the bug allowed attackers to purchase at least $1 million worth of NFTs across multiple wallets for significantly below market price.
The case with MAYC #23070
In the Twitter thread, swolfchain.eth explains that they received an email from OpenSea, warning users to cancel inactive listings. Swolfchain took the advice and canceled an old 15 ETH listing for their MAYC #23070. Unfortunately, an even older inactive listing for the same NFT became next in line on the blockchain. This essentially meant that MAYC #23070 was now listed for the old price of 6 ETH. And someone took advantage.
Swolfchain’s Etherescan records clearly show the transaction in which his MAYC was sold for 6 ETH on OpenSea. Of course, the new owner of the NFT wasted no time in shuffling the token around and selling it.
After moving the NFT to several addresses, the new owner listed and sold MAYC #23070 for 19.72 ETH. This represents a gain of 13.72 ETH, excluding gas fees. Still, that’s a hefty bump in his portfolio worth around $33.689 at the time of writing. Currently, the floor price for the Mutant Ape Yacht Club collection sits at around 18 ETH.
OpenSea misled users
Arguably, OpenSea made an effort to protect its users. However, there are undeniable cracks in the marketplace’s response to the situation.
Firstly, OpenSea released a community update warning that affected users days after the bug became public. Secondly, the community update in question offered misleading information.
While canceling a listing is exactly what one has to do to protect their asset, it’s essential to consider the possibility that there are previous inactive listings recorded on the blockchain. In this sense, the more secure way to protect your NFTs would be to move them to a completely different address and then cancel listings. Unfortunately, as we see with Swolfchain’s MAYC, simply removing an inactive listing might in fact, result in more considerable losses.
What is worse is, Swolfchain is not the only one. Numerous threads pop up on OpenSea following the bug reveal, with users explaining how they lost thousands and even millions of dollars. In this sense, be highly vigilant and check your OpenSea accounts. If you’ve ever listed an NFT that never sold, it’s safest to transfer it to a new address. Alternatively, you can use services like REVOKE, which essentially retracts all permissions and access to the NFTs and crypto in your wallet.
Stay safe in crypto and keep a close eye on your portfolio
While blockchain technology offers unprecedented transparency and security, it is also among the newest areas in tech. This opens up opportunities for hackers and exploiters to have a field day. Still, there are ways to protect your assets, as long as you have all the information you need.
DappRadar is committed to offering the most up-to-date and accessible portfolio management and security information. You can check out this handy list of tips on how to stay safe in the crypto world. Additionally, with the DappRadar Portfolio Tracker tool, you can easily view all your holdings in both DeFi and NFTs. Be it tokens, liquidity provision, or NFTs. You can see it all if you connect your wallet to the DappRadar website.
We will continue monitoring the NFT space as this technology continues to evolve. While OpenSea is an undeniable market leader, no one is safe from suffering an exploit or a hack. To learn the latest NFT and crypto news, follow DappRadar on Twitter. You can also join DappRadar PRO to take advantage of the most up-to-date NFT sales data and exclusive Discord communities.