OpenC hacked $750,000… “Hackers aim for boring monkey NFTs”

OpenC hacked 0,000… “Hackers aim for boring monkey NFTs”

Loading

[Blockchain Today Correspondent Han Ji-hye] It is known that OpenSea, the world’s largest NFT marketplace, was attacked by hackers and approximately $750,000 worth of Ether (ETH) was stolen.

According to Cryptopotato, a media specialized in cryptocurrencies, at the dawn of the 24th (US time), the attack was discovered by PekShieldAlert, a real-time ‘alert bot’ of PeckShield, an American security company. 332 ETH, equivalent to ten thousand dollars, was stolen.

Cryptopotato reported that the hackers had attacked a vulnerable part of OpenSea’s front-end, and that their target was believed to be the Bored Ape Yacht Club (BAYC).

The front-end vulnerability of the OpenSea platform has been pointed out by several experts. This attack revealed a system flaw that could allow famous NFTs and others to be sold at ‘heavy discounted prices’ that sellers do not want.

The flaw appears when OpenC’s users register their NFTs for sale and do not want the list to be activated later. The OpenC platform is known to charge a significant fee for deleting a registered list. Therefore, instead of deleting the NFT, the user uses a detour method of transferring it to another wallet and removing it from the sales list, which causes a problem.

Although the item is not listed for sale in the operating system (OS), in reality it is still active through the OS’s application programming interface (API), so Rarible is using the OS’s API to display and implement the OS list. ) through which the ‘cancelled list’ can be sold.

Due to this weakness, one of BAYC’s ‘Bored Monkey #8924’ was sold at 6.66 ETH, about $14,700, which is 92% lower than the current BAYC lower limit.

Twitter user VirtualToast.eth, the victim of the incident, even suggested that OpenC revoke all permissions granted to OpenC if the BAYC owner moved the sale list to the wallet without deleting it.

contact@blockcast.cc

Adblock test (Why?)