The problem was reported on Monday by Elliptic and many Twitter users reported the story.
At least three attackers bought at least eight NFTs for substantially less than market value in the last 12 hours, Elliptic stated. Specifically, it affects Bored Ape Yacht Club and Mutant Ape Yacht Club NFTs.
On Twitter, one user stated that his NFT was acquired for $1,800 and resold for $196,000.
An attacker using the alias ‘jpegdegenlove’ purchased $133,000 for seven NFTs before selling them for $934,000 in ether.
On the fifth day, this ether was transmitted using Tornado Cash, a service intended to prevent blockchain trace. Jpegdegenlove also appears to have partially paid two victims, giving TBALLER and Vault327 each 20 ETH ($45,000.)
Another attacker bought a Mutant Ape Yacht Club NFT for $10,600 and sold it for $34,800 five hours later.
Since the problem was detected, OpenSea has been working on remedies, a spokeswoman informed ZDNet. They denied it was a bug or a flaw.
“We’ve taken this problem very seriously and are working on a solution for the community. This isn’t an attack or a flaw — it’s a problem caused by the blockchain. Users can’t cancel listings on OpenSea. Listings must be canceled by the user ” OpenSea stated.
The issue arises when a user moves an NFT from one wallet to another without removing current listings since the transaction is broadcasted to the blockchain.
After 1 month, if an NFT is returned to a wallet, the listing will have expired.
A new feature that surfaces in-product alerts about current listings and asks users whether they want to cancel it will be integrated within the next two days. OpenSea will send users an email when they transfer an NFT into a wallet with an active listing.
Get started with as little as $10.