OpenC hacked $750,000… “Hackers aim for boring monkey NFTs”


 550 total views

[Blockchain Today Correspondent Han Ji-hye] It is known that OpenSea, the world’s largest NFT marketplace, was attacked by hackers and approximately $750,000 worth of Ether (ETH) was stolen.

According to Cryptopotato, a media specialized in cryptocurrencies, at the dawn of the 24th (US time), the attack was discovered by PekShieldAlert, a real-time ‘alert bot’ of PeckShield, an American security company. 332 ETH, equivalent to ten thousand dollars, was stolen.

Cryptopotato reported that the hackers had attacked a vulnerable part of OpenSea’s front-end, and that their target was believed to be the Bored Ape Yacht Club (BAYC).

The front-end vulnerability of the OpenSea platform has been pointed out by several experts. This attack revealed a system flaw that could allow famous NFTs and others to be sold at ‘heavy discounted prices’ that sellers do not want.

The flaw appears when OpenC’s users register their NFTs for sale and do not want the list to be activated later. The OpenC platform is known to charge a significant fee for deleting a registered list. Therefore, instead of deleting the NFT, the user uses a detour method of transferring it to another wallet and removing it from the sales list, which causes a problem.

Although the item is not listed for sale in the operating system (OS), in reality it is still active through the OS’s application programming interface (API), so Rarible is using the OS’s API to display and implement the OS list. ) through which the ‘cancelled list’ can be sold.

Due to this weakness, one of BAYC’s ‘Bored Monkey #8924’ was sold at 6.66 ETH, about $14,700, which is 92% lower than the current BAYC lower limit.

Twitter user VirtualToast.eth, the victim of the incident, even suggested that OpenC revoke all permissions granted to OpenC if the BAYC owner moved the sale list to the wallet without deleting it.

[email protected]

Adblock test (Why?)

Disclaimer: does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor can this article be considered as investment advice or recommendations. Every investment and trading move involves risk, you should conduct your own research when making a decision.