Author

Topic: OpenSea hacked for $780,000 (Read 278 times)

full member
Activity: 1190
Merit: 111
February 07, 2022, 09:14:07 PM
#25
Someone in my local board posted about the incident and i was wonder why no other topics discussing the attempt.

PeckShield company announced in a tweet that the famous platform dedicated for create/exchange NFTs with $3.5 billion in monthly trading volume has been hacked for 332 Eth equivalent to $780,000 by the actual price.
Tweet: https://twitter.com/PeckShieldAlert/status/1485547426467364864

The incident was reported three days ago without any official announcement from the platform. According to this article, this how the incident happened:
A bug in the front end of OpenSea, one of the world’s biggest markets for Non-fungible Tokens (NFTs), is reportedly the cause of the hack, as it allowed users to buy popular NFTs at their previous listing price.

As I read the article, it seems that there is something wrong, but I don't know if I am the only one noticed it. But anyway this same old issue I think will not be gone instead it will always be a part of the business here in the crypto space as long as there is a huge money involved in the market. Particularly now that NFT was too trending at the moment.
hero member
Activity: 2408
Merit: 584
February 03, 2022, 04:06:10 PM
#24
there may be other reasons why this opensea issue was not published, you know that if the strongest bad news from one platform will definitely affect prices, user trust and many more it can have a negative effect not only on NFT but all crypto.
the hope of every user of the platform is that the funds will be returned
Well said. We cant blame open sea because they are only protecting not only their reputation but also the overall crypto community. Not only that but if they announce this thing, there are people that will try it as well if if it also works for them because people nowadays wont really care much if they do a bad thing but as long as they can benefit with it they will do it.

Opensea should fix the issue and add some extra layer of security so that next time hackers will have a hard time to crack their system because it was not the first time it happened to them but if I remember there are incidents on the past where a bored ape have been stolen and then re sold.
hero member
Activity: 2562
Merit: 577
February 03, 2022, 01:57:27 PM
#23
there may be other reasons why this opensea issue was not published, you know that if the strongest bad news from one platform will definitely affect prices, user trust and many more it can have a negative effect not only on NFT but all crypto.
the hope of every user of the platform is that the funds will be returned

If the funds are not already or no promises from the opensea team to return the funds of various affected victims believe it would have been made public long before now, am almost certain the teams have addressed the issue and promised a full refund to victims which were affected.
legendary
Activity: 1778
Merit: 1474
🔃EN>>AR Translator🔃
January 29, 2022, 06:54:49 PM
#22
Someone in my local board posted about the incident and i was wonder why no other topics discussing the attempt.

PeckShield company announced in a tweet that the famous platform dedicated for create/exchange NFTs with $3.5 billion in monthly trading volume has been hacked for 332 Eth equivalent to $780,000 by the actual price.
Tweet: https://twitter.com/PeckShieldAlert/status/1485547426467364864

The incident was reported three days ago without any official announcement from the platform. According to this article, this how the incident happened:
A bug in the front end of OpenSea, one of the world’s biggest markets for Non-fungible Tokens (NFTs), is reportedly the cause of the hack, as it allowed users to buy popular NFTs at their previous listing price.
I didn't see any other threads as well, is there any announcement or update from the official site? If not then we can't trust that the platform is actually hacked, its not really hacked people took money due to the glitches in their security system.

The platform didn't also announce that there was people took money due to the glitches in their security system. What did really happen, actually we don't have exact answer yet. And the company by not explaining the situation makes things worst.

The hope of every user of the platform is not just to refund their wallets, but also to deal with a company running in transparence.
sr. member
Activity: 1330
Merit: 257
DGbet.fun - Crypto Sportsbook
January 29, 2022, 09:37:14 AM
#21
there may be other reasons why this opensea issue was not published, you know that if the strongest bad news from one platform will definitely affect prices, user trust and many more it can have a negative effect not only on NFT but all crypto.
the hope of every user of the platform is that the funds will be returned
sr. member
Activity: 2520
Merit: 280
Hire Bitcointalk Camp. Manager @ r7promotions.com
January 29, 2022, 09:20:48 AM
#20
Someone in my local board posted about the incident and i was wonder why no other topics discussing the attempt.

PeckShield company announced in a tweet that the famous platform dedicated for create/exchange NFTs with $3.5 billion in monthly trading volume has been hacked for 332 Eth equivalent to $780,000 by the actual price.
Tweet: https://twitter.com/PeckShieldAlert/status/1485547426467364864

The incident was reported three days ago without any official announcement from the platform. According to this article, this how the incident happened:
A bug in the front end of OpenSea, one of the world’s biggest markets for Non-fungible Tokens (NFTs), is reportedly the cause of the hack, as it allowed users to buy popular NFTs at their previous listing price.
I didn't see any other threads as well, is there any announcement or update from the official site? If not then we can't trust that the platform is actually hacked, its not really hacked people took money due to the glitches in their security system.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
January 29, 2022, 07:17:02 AM
#19
No people didn't lose their money as the amount wasn't that big and can be recovered by OpenSea.
The weird thing is that the issue has been reported after discovering the first loophole back to last December. Devs are not aware that small issues can become a real problem if not treated at the right time.
They did actually. They supposedly received the current floor of their own nft but due to bug of what they did and opensea lack of feature, they loss tremendous amount of money through a genuus buyer who knows a backdoor with the loophole. I might say this isnt a hacked and scammer cant be dove as scammer. Now everyone with same case must be worried now. If I were opensea I talk to thowe guys and at least gave them some compensation though they also have mistake there.
legendary
Activity: 1778
Merit: 1474
🔃EN>>AR Translator🔃
January 28, 2022, 05:29:29 PM
#18
Oh, that's really too back to hear that at the start of the year we have a hack already, although the amount is that that huge compare to the other hacks from the past 4 years. Nevertheless people have lost their money due to the inability of the devs to really test their platform and look for loopholes. And now the hackers have found the exploits and we can't do anything about it. And it will tarnished the image of OpenSea with this hacks.
No people didn't lose their money as the amount wasn't that big and can be recovered by OpenSea.
The weird thing is that the issue has been reported after discovering the first loophole back to last December. Devs are not aware that small issues can become a real problem if not treated at the right time.
hero member
Activity: 2814
Merit: 911
Have Fun )@@( Stay Safe
January 28, 2022, 04:32:13 PM
#17
Someone in my local board posted about the incident and i was wonder why no other topics discussing the attempt.

PeckShield company announced in a tweet that the famous platform dedicated for create/exchange NFTs with $3.5 billion in monthly trading volume has been hacked for 332 Eth equivalent to $780,000 by the actual price.
There is not much discussion regarding this even in other crypto related groups and i am involved in a few NFT projects and even i did not notice anyone complaining about the issue as well and i first saw this thread here. I do not see OpenSea making any announcement regarding this issue even though i see another article just like you shared. If users come onboard with the issue, OpenSea will make a statement if it really happened.
legendary
Activity: 2660
Merit: 1261
January 28, 2022, 12:48:39 PM
#16
-snip-.
Yes, that's why I told only bug advantage and not opensea fault at all.
1. Seller using a loophole to avoid un-listing price listing on opensea by sending by send to other address and sent back to original address
2. The previous listing will be disappear visual on the site, but on the smartcontract still being listing
3. Hacker not change any code, he just using API OpenSea because on there the old listing still can be used
4. Hacket run his own bot.
5. Then, is happened.

The seller use loophole for just don't want to avoid fee and now because the loophole it self back stabing him.
full member
Activity: 994
Merit: 105
January 28, 2022, 08:02:47 AM
#15
Lots of platforms have been hacked yet people are still using them as an example in the last year:
NFT tokens are a hot topic and such hacks will cause big problems for them especially with the increased competition and with more money flowing in, paying those sums is better than nothing.

While that is indeed true that many platforms have been hacked before, I think that it won’t be prevented that users will be rattled, especially that they were not made aware of such happenings. Although, paying those stolen funds may seem to be a way to salvage the situation, having a full disclosure will be highly appreciated by the users for sure.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
January 28, 2022, 04:46:42 AM
#14
Exploit or a genius?

I think this is the case of a BAYC nft who got sold on its long time bid. Ive been following the story few days back and we cant blame someone who see a loophole on the opensea. Its actually the error of the seller without finishing his sale or cancelling his bid before transferring to other wallet. Now the exploiter see a bright opportunity there and did some magic which should have been avoided if opensea showing any record of uncancelled transactions.

For me its an error of the seller and opensea. But the hacker clearly did not exploit any wrong codes he just probably find a way to buy a cheaper nft compared to current floor price.
hero member
Activity: 2842
Merit: 772
January 28, 2022, 04:37:47 AM
#13
Oh, that's really too back to hear that at the start of the year we have a hack already, although the amount is that that huge compare to the other hacks from the past 4 years. Nevertheless people have lost their money due to the inability of the devs to really test their platform and look for loopholes. And now the hackers have found the exploits and we can't do anything about it. And it will tarnished the image of OpenSea with this hacks.
legendary
Activity: 2702
Merit: 4002
January 28, 2022, 04:31:39 AM
#12
By the looks of it, it seems to be the situation, they are indeed hiding the situation. However, with this information coming out now, I think that this will affect OpenSea now. I just hope that they focus more on the quality of their security, in order to assure their users, who will surely panic and be worried upon knowing this incident.

Lots of platforms have been hacked yet people are still using them as an example in the last year:

 - 2021, December, 2021: BitMart hacked (Obtained access to hot wallet) with $150 million
 - 2021, August 19: Liquid hacked (Obtained access to hot wallet) with $97 million
 - 2020, September 25: KuCoin hacked (Data leak) of $275 million
.
.
.
 - 2018, January 27: CoinCheck hacked (Unknown) with $560 million

Source --> https://www.hedgewithcrypto.com/cryptocurrency-exchange-hacks/

Most of these platforms have several million users who spend millions of dollars.

They probably hiding it unfortunately, someone caught them and this is not a small money at all. A decentralized platform where you can buy and sell NFT got hacked and that’s alarming to me. They should have a better security in the first place, and of course we deserve a total disclosure of this incident.

NFT tokens are a hot topic and such hacks will cause big problems for them especially with the increased competition and with more money flowing in, paying those sums is better than nothing.
full member
Activity: 700
Merit: 100
January 28, 2022, 02:47:53 AM
#11
I'm not surprised, they draw too much attention to themselves, although initially the site was not designed for such a large amount of money later. For this reason, their defense was most likely also designed for the basic level of attack. When you're making hundreds of thousands of dollars worth of trades, you need to invest in protection.
member
Activity: 1218
Merit: 49
Binance #Smart World Global Token
January 28, 2022, 02:27:51 AM
#10

Quote
A hack is a hack, even if the amount of money that got stolen is on the low side it does not change the fact that someone was able to find a bug big enough to allow them to do something like this, and if it takes so much time to fix something that is so small what is it going to happen the day a hacker finds a huge exploit on their platform? So while the amount is small compared to what we are used to see, it does not change the fact they need to improve their security before an even larger hack happens to them.

That's the point. There is a serious security problem in the OpenSea platform and this has to be fixed otherwise there can be another hacking to come later on and who knows if it can be more successful than this one. In an expanding and really exciting NFT industry, a huge platform catering to such an industry has to invest more on security as this can really affect the credibility of the whole industry itself.
legendary
Activity: 2660
Merit: 1261
January 27, 2022, 04:54:57 PM
#9
-snip-
You should learn to make a difference between hack and bug advantage.

Hack, you are completed hacking the whole platform. This is just a bug advantage because you are not canceling any listing price on the smart contract. Remember, any activity on the blockchain need a smart contract transaction for your activity.
- Listing
- Canceling
- Buy
- Other things.

The buyer is not canceling his listing price of 1,700$, you want to know what he did? he transfer the NFTs to other wallets to avoid spending money for canceling the listing price (That's mean, the victim is also trying to use a bug to avoid gas fee cost unlisting). Because of that, his listing price of 1,700$ is still stored on the smart contract.

Time to learn, If you have an activity on smart contract always canceled via smart contract and next time don't use any kind of loophole to bypass don't want to spend money for canceling. Imagine, you are using a bug opensea to avoid spending gas unlisting price and  you get rekt by the bug it self from what you did (Damn, it's like karma back stabing you).
---
Fun fact, at least the person who did this send 20 ETH to the victim.
legendary
Activity: 2534
Merit: 1338
January 27, 2022, 04:39:31 PM
#8
-snip-
No for what?

780,000$ is really small, you can easily to mixer the fund with Tornado Cash.
---

Some people think even myself, this kind of issue is not really "OpenSea"x. The reason is on the blockchain every listing needs a contract transaction, and the user also trying to avoid canceling the listing by transferring to another wallet and transferring back to the original wallet.

Basically, he doesn't want to pay fee transaction ~XD I believe, If he is not the cheapest person who just pay for the cancel listing should be not really getting into the problem.
A hack is a hack, even if the amount of money that got stolen is on the low side it does not change the fact that someone was able to find a bug big enough to allow them to do something like this, and if it takes so much time to fix something that is so small what is it going to happen the day a hacker finds a huge exploit on their platform? So while the amount is small compared to what we are used to see, it does not change the fact they need to improve their security before an even larger hack happens to them.
full member
Activity: 2128
Merit: 180
January 27, 2022, 04:37:08 PM
#7
It seems that the platform has contained the matter and paid the amount instead of jeopardizing its reputation.

By the looks of it, it seems to be the situation, they are indeed hiding the situation. However, with this information coming out now, I think that this will affect OpenSea now. I just hope that they focus more on the quality of their security, in order to assure their users, who will surely panic and be worried upon knowing this incident.
They probably hiding it unfortunately, someone caught them and this is not a small money at all. A decentralized platform where you can buy and sell NFT got hacked and that’s alarming to me. They should have a better security in the first place, and of course we deserve a total disclosure of this incident.
legendary
Activity: 2660
Merit: 1261
January 27, 2022, 04:29:10 PM
#6
-snip-
No for what?

780,000$ is really small, you can easily to mixer the fund with Tornado Cash.
---

Some people think even myself, this kind of issue is not really "OpenSea"x. The reason is on the blockchain every listing needs a contract transaction, and the user also trying to avoid canceling the listing by transferring to another wallet and transferring back to the original wallet.

Basically, he doesn't want to pay fee transaction ~XD I believe, If he is not the cheapest person who just pay for the cancel listing should be not really getting into the problem.
full member
Activity: 994
Merit: 105
January 27, 2022, 08:19:55 AM
#5
It seems that the platform has contained the matter and paid the amount instead of jeopardizing its reputation.

By the looks of it, it seems to be the situation, they are indeed hiding the situation. However, with this information coming out now, I think that this will affect OpenSea now. I just hope that they focus more on the quality of their security, in order to assure their users, who will surely panic and be worried upon knowing this incident.
legendary
Activity: 2702
Merit: 4002
January 27, 2022, 08:07:41 AM
#4
It seems that the platform has contained the matter and paid the amount instead of jeopardizing its reputation. Such events would resonate if it was for many individuals and not for one user.
The problem is that the existence of such vulnerabilities will cause people to believe that the technology has been hacked (ETH blockchain) and not the fault of the platform.

Also, the delay in correcting the bug is not a good indicator, so the average user should not keep the money in the platform for a long time.

Generally, it is good to hide such news for the industry as a whole but it is bad for OpenSea users.
hero member
Activity: 2758
Merit: 705
Dimon69
January 27, 2022, 07:45:32 AM
#3
Maybe they are covering the hacking event so that other user will not panic and to hide the exploit point on there system to minimize the damage done to different user. As I understand the situation, The funds affected is from user who's using the opensea so they are just planning to fix this privately before they announce the incident. This is my first time to read this news while I'm always using opensea to list my NFT's and check my listing daily.

Is there any news if all funds will be recover from the hacker?
legendary
Activity: 1932
Merit: 1273
January 27, 2022, 07:05:58 AM
#2
This is frustrating noting those kinds of bugs have already happened since December 2021.

Opensea have officially undisclosed the bug/exploit on their platform on January 26 January: Important updates for listing and delisting your NFTs

What I found ironic is they stated:
Our support team has also been working tirelessly to reach out to affected users and reimburse them until our product experience can make this risk clearer. We understand the community’s frustration that we haven’t been more public in our communication on this topic. Simply put, we were concerned that the more attention we drew to this mechanism, the more it could be abused by bad actors. As a result we focused our efforts on reaching out 1:1 with affected users rather than announcing this news more broadly.

I understand that, the move is pretty plausible, but the bug is already informed since the first known bug getting exploited[1]. Yet they need a month to finally fixed it on the front end side Roll Eyes

[1] https://twitter.com/cap10bad/status/1476980294347538435
legendary
Activity: 1778
Merit: 1474
🔃EN>>AR Translator🔃
January 26, 2022, 08:40:26 PM
#1
Someone in my local board posted about the incident and i was wonder why no other topics discussing the attempt.

PeckShield company announced in a tweet that the famous platform dedicated for create/exchange NFTs with $3.5 billion in monthly trading volume has been hacked for 332 Eth equivalent to $780,000 by the actual price.
Tweet: https://twitter.com/PeckShieldAlert/status/1485547426467364864

The incident was reported three days ago without any official announcement from the platform. According to this article, this how the incident happened:
A bug in the front end of OpenSea, one of the world’s biggest markets for Non-fungible Tokens (NFTs), is reportedly the cause of the hack, as it allowed users to buy popular NFTs at their previous listing price.
Jump to: