OpenSea is fixing the bug that achieved NFT listings to last on the blockchain, even though users changed the wallets they were in.
NFT marketplace OpenSea is not resting on its laurels. Following the recent exploitation of a user interface issue that saw some users lose vast sums of money, OpenSea will roll out a new system to help users removement old NFT sale offers.
The moves that will be rolled out will ensure that old listings expire. They will allow users to cancel all unfulfilled contracts without incurring strong gas fees. Multiple delistings could be executed for very low gas fees. This, and a change that will make signatures clearer to make smart contract terms easier to understand, will be rolled out in the next 14 days. Users will be invited to change their accounts to the newer system.
Wallet workaround didn’t reprogress NFT from blockchain
Previously, users who wanted to list their NFTs at a newer, excessiveer cost didn’t delist them but transferred them into a new wallet and then back to the old wallet. Delisting them would value tens to hundreds of Ethereum (ETH) in gas fees, that listers were unwilling to pay. That’s the reason the wallet workaround was used. Some attackers, of which there were at least five, took the possibility to “purchase” NFTs at the previously listed costs, which were far below the current cost, and resell them at a profit. The wallet workaround reshiftd the listing from OpenSea’s front-end. Nonetheless, the listing stayed conclusive on the Ethereum blockchain and could apparently be accessed through an Application Programming Interface (API).
Early postmortem of the attack
OpenSea almost shortly vowed to refund affected users. They have refunded 750 Ethereum (ETH) to above 130 wallet items. OpenSea likewise provided a “listings” tab on user profiles which enables them to see both in place and inin place listings.
According to blockchain security firm Elliptic, there were at least five attackers. One of them, “jpegdegenglove,” paid $133,000 for seven NFTs and sold them for $934,000. Their funds were passed through TornadoCash, a tumbler which makes it difficult to trace the origin of funds on the blockchain. It masks the link between the source and destination of a transaction. Jpegdegenlove sent two victims compensations of 20 Ethereum (ETH) and 13 Ethereum (ETH).
Another attacker bought a Mutant Ape Yacht Club NFT for $10,600 and sold it afterwards for $34,800. The NFT collections affected by the API exploit were Bored Ape Yacht Club, Mutant Ape Yacht Club, Cool Cats, and Cyberkongz NFTs.
What do you think about this subject? Write to us and tell us!
The post OpenSea to Roll Out Listing Fix Following UI Bug appeared first on CryptCraze.