OpenSea, one of the largest NFT marketplaces, has reimbursed about $1.8 million to its users who had been affected by the recent hack. This comes after the platform was at the receiving end for failing to properly address the user interface feature. This feature allowed third parties to take advantage of the loophole leading to the hacking incident.
Elliptic, a blockchain security company, initially reported the incident. It said hackers exploited the bug and leveraged that to buy previously listed NFTs extremely cheap at the earlier listed prices. The hackers did it to sell the non-fungible tokens at much higher market rates. However, OpenSea said this wasn’t a bug or an exploit. The platform highlighted this incident as an issue that arises due to the nature of the blockchain.
The bug was initially flagged on January 1 but the platform failed to take necessary action. Last Monday, OpenSea was exploited more than eight times in an eight-hour span. Nansen, a blockchain analytics provider, revealed that a wallet address associated with multiple purchases had made a total profit of $878,288 worth of ether.
Jenna Pilgrim, a CEO of Streambed, says the fact that a user could buy at previous prices and flip NFTs without any form of verification highlights the centralized issue in NFTs. She believes OpenSea does a job at creating a solid user interface but at the cost of security.
Elliptic’s security researchers identified three hackers. They had purchased around eight NFTs much less than its market value. The assets included reputable collectibles from Bored Ape Yacht Club, Mutant Ape Yacht Club and Cool Cats. An attacker, who went by the pseudonym “jpegdegenlove” alleged paid $133,000 for seven NFTs. The hacker then sold it on the platform for $934,000.
OpenSea took to Twitter to announce that it has added a “Listings” tab on users’ profiles. This feature allows users to review active and inactive listings on their NFT items. Built on the Ethereum blockchain, OpenSea is notorious for its outrageous gas fees.
