OpenSea NFT marketplace has suffered a front-end attack with the exploiter withdrawing 332 ETH (US$800,000), as reported by security and data tracker PeckShield.

Fast facts

  • PeckShield noted the issue overnight Asia time, revealing the attacker received 10 ETH from Ethereum mixer TornadoCash, which was then wrapped to wETH to carry out the attack.
  • The attackers seized control of Mutant Ape Yacht Club, Bored Ape Yacht Club (BAYC) and Cool Cats NFT collections.
  • One Twitter user who goes by TBaller.eth had their BAYC token sold during the hack for 0.77 ETH, instead of its floor price of 86 ETH.
  • In response, OpenSea said via Twitter: “Listings made a long time ago are resurfacing when items transfer back into lister’s wallets. We can’t cancel these orders for listers, so to fix the problem, we launched a new listings manager today.”