A hacker has reportedly stolen $1.7 million worth of NFTs on the OpenSea marketplace, including some from the most hyped collections – the Mutant Ape Yacht Club and the Bored Ape Yacht Club.
OpenSea is one of, if not the world’s leading NFT marketplace, but its dominance is being challenged.
The platform has grown so big, so quickly that it’s made itself vulnerable to cyber attacks.
That’s almost expected, with a monthly trading volume in excess of $3.5 billion (yes, billion with a ‘B’).
A few days ago, OpenSea users started seeing anomalies on the platform, and just a few hours later, it was revealed a hacker used a smart contract* to exploit a flaw in the platform.
The attacker(s) then reportedly sold $1.7 million worth of stolen NFTs.
With the latest upgrade, OpenSea wanted to phase out older contracts by removing them from the platform, but the contracts weren’t removed from the network entirely, which means that the attacker was basically able to buy NFTs at yesterday’s price.
To give you an example, it would be like allowing someone to buy a Rolex Daytona or a Ferrari Testarossa at 1980s prices… in 2022.
Ironically, OpenSea’s upgrade was designed to do exactly the opposite of that, it was designed to allow users to cancel older, unfulfilled contracts while saving on gas fees**.
* a ‘Smart Contract’ is a protocol designed to enable automatised transactions, based on clauses on pre-requisites that are written in the code of the contract, meaning these contracts are immutable and immune to corruption or alteration.
** in the crypto world, the term ‘Gas Fees’ simply refers to the transaction fees on the Ethereum network.