Some OpenSea customers were horrified to discover that their valuable NFTs had been sold for pennies on the dollar earlier this week. And many people were understandably devastated.
“Guys, I just lost an ape…. I’m in tears…. How did this happen so quickly???? “On Monday, an OpenSea user known as TBALLER posted 15 sobbing emoticons.
Due to a UI glitch on the NFT marketplace, TBALLER’s Bored Ape Yacht Club (BAYC) NFT was sold for about $1,800 on OpenSea – 99 percent below the floor price. The bidder who snatched the NFT instantly resold it for nearly $200,000, generating a $198,000 profit in less than an hour.
While the problem isn’t new, it has reappeared in a significant way this week. Elliptic, a blockchain analytics startup, discovered at least three attackers who bought over eight NFTs valued over $1 million for a fraction of their market value on Monday. Those NFTs were from the BAYC, Mutant Ape Yacht Club, Cool Cats, and CyberKongz collections, among others. According to blockchain security startup PeckShield, one attacker got 332 ether (worth over $800,000) by acquiring NFTs below market value owing to the flaw.
The company is “currently reaching out to and reimbursing affected users,” according to an OpenSea spokeswoman, who saw their NFTs sold below market value due to the “confusing UI” issue. Simultaneously, the marketplace is attempting to address the issue by raising awareness and providing consumers with more visibility and control over their NFTs.
What is the issue?
This is the source of the issue. Let’s say an OpenSea user receives an offer to sell their NFT for a particular amount of money. Instead of retracting the offer and paying the associated gas fees, they elected to transfer the NFT to another wallet. This indicates that the deal is no longer available on OpenSea. The issue arises if they return the NFT to the same wallet – the offer remains active and valid, and anyone might accept it.
When the NFT in question has increased in value between the time of the original offer and the time it is returned to the same wallet, this problem becomes considerably more serious. While the user now feels their NFT is worth hundreds of thousands of dollars (in BAYC’s instance), the NFT is sold for its initial price, which could be as low as a thousand dollars. And it’s this inconsistency that’s generating so much trouble.
On OpenSea, the only option to cancel a sale offer is to do an on-chain transaction, which is sometimes costly due to Ethereum’s high gas prices. This is why, rather than retracting their sell offer, OpenSea users prefer to relocate their NFTs to a new wallet.
According to Ledger CTO Charles Guillemet, “Gas price evasion is pushing terrible design and bad behavior from users.” “The scalability dilemma has never been more pressing, and the answers are Layer 2 [networks] rather than off-chain logic methods,” says the author.
Since its inception, OpenSea has had this UI design. However, attackers have only recently become aware of the issue. According to an OpenSea spokesman, the firm has kept this issue under wraps “because we didn’t want to risk bringing it to the attention of bad actors who could abuse it at scale until we had mitigations in place.”
“This isn’t an exploit or a flaw; it’s a problem that occurs due to the blockchain’s nature,” the representative explained. “Users must cancel their own listings; OpenSea cannot cancel listings on their behalf.”
How is OpenSea attempting to avoid this?
OpenSea has taken the UI issue “very seriously” and is working on many product enhancements, according to the company.
To begin with, the platform has introduced a new listings manager that allows users to quickly view and cancel their listings.
Second, according to the spokesman, OpenSea is reducing the default listing duration from six to one month, so that if an NFT is transferred back into a wallet after one month, the listing will have expired.
When users transfer an NFT out of their wallet that has an active listing linked with it, OpenSea will notify them and ask them if they want to cancel it. According to the spokesman, if OpenSea has the user’s email address associated with their OpenSea profile, it will send them an email in this respect.
This isn’t the first time that OpenSea users have encountered problems. A flaw in the NFT marketplace accidentally destroyed at least 42 NFTs valued at least $100,000 in September. Because the platform did not allow ERC-1155 tokens at the time, an OpenSea user named Tom Kuennen had his NFT vanish from his wallet early last year.
OpenSea is the industry leader in the NFT arena, with over 60% market share. However, due to a surge in activity on LooksRare, which has mostly been driven by wash trading, OpenSea’s market share has dropped dramatically this month. OpenSea has raised $300 million in a Series C fundraising round, valuing the company at $13.3 billion.