OpenSea hacked for $780,000 | Bitcointalksearch.org

martina14

full member

Activity: 1190

Merit: 111

Quote from: Kavelj22 on January 26, 2022, 08:40:26 PM

Someone in my local board posted about the incident and i was wonder why no other topics discussing the attempt.

PeckShield company announced in a tweet that the famous platform dedicated for create/exchange NFTs with $3.5 billion in monthly trading volume has been hacked for 332 Eth equivalent to $780,000 by the actual price.
Tweet: https://twitter.com/PeckShieldAlert/status/1485547426467364864

The incident was reported three days ago without any official announcement from the platform. According to this article, this how the incident happened:

Quote from: https://nairametrics.com/2022/01/24/breaking-opensea-reportedly-hacked-for-780000/

A bug in the front end of OpenSea, one of the world’s biggest markets for Non-fungible Tokens (NFTs), is reportedly the cause of the hack, as it allowed users to buy popular NFTs at their previous listing price.

As I read the article, it seems that there is something wrong, but I don't know if I am the only one noticed it. But anyway this same old issue I think will not be gone instead it will always be a part of the business here in the crypto space as long as there is a huge money involved in the market. Particularly now that NFT was too trending at the moment.

doomloop

hero member

Activity: 2408

Merit: 584

Quote from: TribalBob on January 29, 2022, 09:37:14 AM

there may be other reasons why this opensea issue was not published, you know that if the strongest bad news from one platform will definitely affect prices, user trust and many more it can have a negative effect not only on NFT but all crypto.
the hope of every user of the platform is that the funds will be returned

Well said. We cant blame open sea because they are only protecting not only their reputation but also the overall crypto community. Not only that but if they announce this thing, there are people that will try it as well if if it also works for them because people nowadays wont really care much if they do a bad thing but as long as they can benefit with it they will do it.

Opensea should fix the issue and add some extra layer of security so that next time hackers will have a hard time to crack their system because it was not the first time it happened to them but if I remember there are incidents on the past where a bored ape have been stolen and then re sold.

Anonylz

hero member

Activity: 2562

Merit: 577

Quote from: TribalBob on January 29, 2022, 09:37:14 AM

there may be other reasons why this opensea issue was not published, you know that if the strongest bad news from one platform will definitely affect prices, user trust and many more it can have a negative effect not only on NFT but all crypto.
the hope of every user of the platform is that the funds will be returned

If the funds are not already or no promises from the opensea team to return the funds of various affected victims believe it would have been made public long before now, am almost certain the teams have addressed the issue and promised a full refund to victims which were affected.

Kavelj22

legendary

Activity: 1778

Merit: 1474

🔃EN>>AR Translator🔃

Quote from: jrrsparkles on January 29, 2022, 09:20:48 AM

Quote from: Kavelj22 on January 26, 2022, 08:40:26 PM

Someone in my local board posted about the incident and i was wonder why no other topics discussing the attempt.

PeckShield company announced in a tweet that the famous platform dedicated for create/exchange NFTs with $3.5 billion in monthly trading volume has been hacked for 332 Eth equivalent to $780,000 by the actual price.
Tweet: https://twitter.com/PeckShieldAlert/status/1485547426467364864

The incident was reported three days ago without any official announcement from the platform. According to this article, this how the incident happened:

Quote from: https://nairametrics.com/2022/01/24/breaking-opensea-reportedly-hacked-for-780000/

A bug in the front end of OpenSea, one of the world’s biggest markets for Non-fungible Tokens (NFTs), is reportedly the cause of the hack, as it allowed users to buy popular NFTs at their previous listing price.

I didn't see any other threads as well, is there any announcement or update from the official site? If not then we can't trust that the platform is actually hacked, its not really hacked people took money due to the glitches in their security system.

The platform didn't also announce that there was people took money due to the glitches in their security system. What did really happen, actually we don't have exact answer yet. And the company by not explaining the situation makes things worst.

The hope of every user of the platform is not just to refund their wallets, but also to deal with a company running in transparence.

TribalBob

sr. member

Activity: 1330

Merit: 257

DGbet.fun - Crypto Sportsbook

there may be other reasons why this opensea issue was not published, you know that if the strongest bad news from one platform will definitely affect prices, user trust and many more it can have a negative effect not only on NFT but all crypto.
the hope of every user of the platform is that the funds will be returned

jrrsparkles

sr. member

Activity: 2520

Merit: 280

Hire Bitcointalk Camp. Manager @ r7promotions.com

Quote from: Kavelj22 on January 26, 2022, 08:40:26 PM

Someone in my local board posted about the incident and i was wonder why no other topics discussing the attempt.

PeckShield company announced in a tweet that the famous platform dedicated for create/exchange NFTs with $3.5 billion in monthly trading volume has been hacked for 332 Eth equivalent to $780,000 by the actual price.
Tweet: https://twitter.com/PeckShieldAlert/status/1485547426467364864

The incident was reported three days ago without any official announcement from the platform. According to this article, this how the incident happened:

Quote from: https://nairametrics.com/2022/01/24/breaking-opensea-reportedly-hacked-for-780000/

A bug in the front end of OpenSea, one of the world’s biggest markets for Non-fungible Tokens (NFTs), is reportedly the cause of the hack, as it allowed users to buy popular NFTs at their previous listing price.

I didn't see any other threads as well, is there any announcement or update from the official site? If not then we can't trust that the platform is actually hacked, its not really hacked people took money due to the glitches in their security system.

cryptoaddictchie

legendary

Activity: 2268

Merit: 1379

Fully Regulated Crypto Casino

Quote from: Kavelj22 on January 28, 2022, 05:29:29 PM

No people didn't lose their money as the amount wasn't that big and can be recovered by OpenSea.
The weird thing is that the issue has been reported after discovering the first loophole back to last December. Devs are not aware that small issues can become a real problem if not treated at the right time.

They did actually. They supposedly received the current floor of their own nft but due to bug of what they did and opensea lack of feature, they loss tremendous amount of money through a genuus buyer who knows a backdoor with the loophole. I might say this isnt a hacked and scammer cant be dove as scammer. Now everyone with same case must be worried now. If I were opensea I talk to thowe guys and at least gave them some compensation though they also have mistake there.

Kavelj22

legendary

Activity: 1778

Merit: 1474

🔃EN>>AR Translator🔃

Quote from: Jating on January 28, 2022, 04:37:47 AM

Oh, that's really too back to hear that at the start of the year we have a hack already, although the amount is that that huge compare to the other hacks from the past 4 years. Nevertheless people have lost their money due to the inability of the devs to really test their platform and look for loopholes. And now the hackers have found the exploits and we can't do anything about it. And it will tarnished the image of OpenSea with this hacks.

No people didn't lose their money as the amount wasn't that big and can be recovered by OpenSea.
The weird thing is that the issue has been reported after discovering the first loophole back to last December. Devs are not aware that small issues can become a real problem if not treated at the right time.

eaLiTy

hero member

Activity: 2814

Merit: 911

Have Fun )@@( Stay Safe

Quote from: Kavelj22 on January 26, 2022, 08:40:26 PM

Someone in my local board posted about the incident and i was wonder why no other topics discussing the attempt.

PeckShield company announced in a tweet that the famous platform dedicated for create/exchange NFTs with $3.5 billion in monthly trading volume has been hacked for 332 Eth equivalent to $780,000 by the actual price.

There is not much discussion regarding this even in other crypto related groups and i am involved in a few NFT projects and even i did not notice anyone complaining about the issue as well and i first saw this thread here. I do not see OpenSea making any announcement regarding this issue even though i see another article just like you shared. If users come onboard with the issue, OpenSea will make a statement if it really happened.

ryzaadit

legendary

Activity: 2660

Merit: 1261

Quote from: cryptoaddictchie on January 28, 2022, 04:46:42 AM

-snip-.

Yes, that's why I told only bug advantage and not opensea fault at all.
1. Seller using a loophole to avoid un-listing price listing on opensea by sending by send to other address and sent back to original address
2. The previous listing will be disappear visual on the site, but on the smartcontract still being listing
3. Hacker not change any code, he just using API OpenSea because on there the old listing still can be used
4. Hacket run his own bot.
5. Then, is happened.

The seller use loophole for just don't want to avoid fee and now because the loophole it self back stabing him.

mardaed

full member

Activity: 994

Merit: 105

Quote from: hugeblack on January 28, 2022, 04:31:39 AM

Lots of platforms have been hacked yet people are still using them as an example in the last year:

Quote from: hugeblack on January 28, 2022, 04:31:39 AM

NFT tokens are a hot topic and such hacks will cause big problems for them especially with the increased competition and with more money flowing in, paying those sums is better than nothing.

While that is indeed true that many platforms have been hacked before, I think that it won’t be prevented that users will be rattled, especially that they were not made aware of such happenings. Although, paying those stolen funds may seem to be a way to salvage the situation, having a full disclosure will be highly appreciated by the users for sure.

cryptoaddictchie

legendary

Activity: 2268

Merit: 1379

Fully Regulated Crypto Casino

Exploit or a genius?

I think this is the case of a BAYC nft who got sold on its long time bid. Ive been following the story few days back and we cant blame someone who see a loophole on the opensea. Its actually the error of the seller without finishing his sale or cancelling his bid before transferring to other wallet. Now the exploiter see a bright opportunity there and did some magic which should have been avoided if opensea showing any record of uncancelled transactions.

For me its an error of the seller and opensea. But the hacker clearly did not exploit any wrong codes he just probably find a way to buy a cheaper nft compared to current floor price.

Jating

hero member

Activity: 2842

Merit: 772

Oh, that's really too back to hear that at the start of the year we have a hack already, although the amount is that that huge compare to the other hacks from the past 4 years. Nevertheless people have lost their money due to the inability of the devs to really test their platform and look for loopholes. And now the hackers have found the exploits and we can't do anything about it. And it will tarnished the image of OpenSea with this hacks.

hugeblack

legendary

Activity: 2702

Merit: 4002

Quote from: mardaed on January 27, 2022, 08:19:55 AM

By the looks of it, it seems to be the situation, they are indeed hiding the situation. However, with this information coming out now, I think that this will affect OpenSea now. I just hope that they focus more on the quality of their security, in order to assure their users, who will surely panic and be worried upon knowing this incident.

Lots of platforms have been hacked yet people are still using them as an example in the last year:

- 2021, December, 2021: BitMart hacked (Obtained access to hot wallet) with $150 million
- 2021, August 19: Liquid hacked (Obtained access to hot wallet) with $97 million
- 2020, September 25: KuCoin hacked (Data leak) of $275 million
.
.
.
- 2018, January 27: CoinCheck hacked (Unknown) with $560 million

Source --> https://www.hedgewithcrypto.com/cryptocurrency-exchange-hacks/

Most of these platforms have several million users who spend millions of dollars.

Quote from: crzy on January 27, 2022, 04:37:08 PM

They probably hiding it unfortunately, someone caught them and this is not a small money at all. A decentralized platform where you can buy and sell NFT got hacked and that’s alarming to me. They should have a better security in the first place, and of course we deserve a total disclosure of this incident.

NFT tokens are a hot topic and such hacks will cause big problems for them especially with the increased competition and with more money flowing in, paying those sums is better than nothing.

jeungo

full member

Activity: 700

Merit: 100

I'm not surprised, they draw too much attention to themselves, although initially the site was not designed for such a large amount of money later. For this reason, their defense was most likely also designed for the basic level of attack. When you're making hundreds of thousands of dollars worth of trades, you need to invest in protection.

DapanasFruit

member

Activity: 1218

Merit: 49

Binance #Smart World Global Token

Quote

A hack is a hack, even if the amount of money that got stolen is on the low side it does not change the fact that someone was able to find a bug big enough to allow them to do something like this, and if it takes so much time to fix something that is so small what is it going to happen the day a hacker finds a huge exploit on their platform? So while the amount is small compared to what we are used to see, it does not change the fact they need to improve their security before an even larger hack happens to them.

That's the point. There is a serious security problem in the OpenSea platform and this has to be fixed otherwise there can be another hacking to come later on and who knows if it can be more successful than this one. In an expanding and really exciting NFT industry, a huge platform catering to such an industry has to invest more on security as this can really affect the credibility of the whole industry itself.

ryzaadit

legendary

Activity: 2660

Merit: 1261

Quote from: Silberman on January 27, 2022, 04:39:31 PM

-snip-

You should learn to make a difference between hack and bug advantage.

Hack, you are completed hacking the whole platform. This is just a bug advantage because you are not canceling any listing price on the smart contract. Remember, any activity on the blockchain need a smart contract transaction for your activity.
- Listing
- Canceling
- Buy
- Other things.

The buyer is not canceling his listing price of 1,700$, you want to know what he did? he transfer the NFTs to other wallets to avoid spending money for canceling the listing price (That's mean, the victim is also trying to use a bug to avoid gas fee cost unlisting). Because of that, his listing price of 1,700$ is still stored on the smart contract.

Time to learn, If you have an activity on smart contract always canceled via smart contract and next time don't use any kind of loophole to bypass don't want to spend money for canceling. Imagine, you are using a bug opensea to avoid spending gas unlisting price and you get rekt by the bug it self from what you did (Damn, it's like karma back stabing you).
---
Fun fact, at least the person who did this send 20 ETH to the victim.

Silberman

legendary

Activity: 2534

Merit: 1338

Quote from: ryzaadit on January 27, 2022, 04:29:10 PM

Quote from: dimonstration on January 27, 2022, 07:45:32 AM

-snip-

No for what?

780,000$ is really small, you can easily to mixer the fund with Tornado Cash.
---

Some people think even myself, this kind of issue is not really "OpenSea"x. The reason is on the blockchain every listing needs a contract transaction, and the user also trying to avoid canceling the listing by transferring to another wallet and transferring back to the original wallet.

Basically, he doesn't want to pay fee transaction ~XD I believe, If he is not the cheapest person who just pay for the cancel listing should be not really getting into the problem.

A hack is a hack, even if the amount of money that got stolen is on the low side it does not change the fact that someone was able to find a bug big enough to allow them to do something like this, and if it takes so much time to fix something that is so small what is it going to happen the day a hacker finds a huge exploit on their platform? So while the amount is small compared to what we are used to see, it does not change the fact they need to improve their security before an even larger hack happens to them.

crzy

full member

Activity: 2128

Merit: 180

Quote from: mardaed on January 27, 2022, 08:19:55 AM

Quote from: hugeblack on January 27, 2022, 08:07:41 AM

It seems that the platform has contained the matter and paid the amount instead of jeopardizing its reputation.

By the looks of it, it seems to be the situation, they are indeed hiding the situation. However, with this information coming out now, I think that this will affect OpenSea now. I just hope that they focus more on the quality of their security, in order to assure their users, who will surely panic and be worried upon knowing this incident.

They probably hiding it unfortunately, someone caught them and this is not a small money at all. A decentralized platform where you can buy and sell NFT got hacked and that’s alarming to me. They should have a better security in the first place, and of course we deserve a total disclosure of this incident.

ryzaadit

legendary

Activity: 2660

Merit: 1261

Quote from: dimonstration on January 27, 2022, 07:45:32 AM

-snip-

No for what?

780,000$ is really small, you can easily to mixer the fund with Tornado Cash.
---

Some people think even myself, this kind of issue is not really "OpenSea"x. The reason is on the blockchain every listing needs a contract transaction, and the user also trying to avoid canceling the listing by transferring to another wallet and transferring back to the original wallet.

Basically, he doesn't want to pay fee transaction ~XD I believe, If he is not the cheapest person who just pay for the cancel listing should be not really getting into the problem.

Topic: OpenSea hacked for $780,000 (Read 272 times)