OpenSea NFT marketplace has suffered a front-end attack with the exploiter withdrawing 332 ETH (US$800,000), as reported by security and data tracker PeckShield.
Fast facts
- PeckShield noted the issue overnight Asia time, revealing the attacker received 10 ETH from Ethereum mixer TornadoCash, which was then wrapped to wETH to carry out the attack.
- The non-fungible tokens (NFT) market is predicated upon the tokens being trusted signals of ownership, but their vulnerability to such attacks may further undermine that trust amid concerns over copyright infringement or de-listing controversies.
- The attackers seized control of Mutant Ape Yacht Club, Bored Ape Yacht Club (BAYC) and Cool Cats NFT collections.
- One Twitter user who goes by TBaller.eth had their BAYC token sold during the hack for 0.77 ETH, instead of its floor price of 86 ETH.
- In response, OpenSea said via Twitter: “Listings made a long time ago are resurfacing when items transfer back into lister’s wallets. We can’t cancel these orders for listers, so to fix the problem, we launched a new listings manager today.”
