- Exploiters made over a million buying NFTs way below floor price and flipping them immediately for profits.
- New listing manager allows users to cancel inactive listings with one click.
- Users say the new listing manager is not a fix, just a band-aid.
After hackers exploited a bug in OpenSea’s interface yesterday, the NFT marketplace has just launched a new listing manager today.
A demo video of the new listing manager posted on Twitter shows that it allows users to cancel inactive listings with one click.
Users who were affected by the exploit were those who did not delist their NFTs after transferring them to another wallet to avoid the gas fees OpenSea charges for delisting. The users were unaware that old listings were still active on OpenSea’s API, which allowed anyone who’s seen the old listing to buy the NFT below its current listed price.
However, the new listing manager also charges gas fees for cancelling inactive listings. Despite this new solution, users remain incensed and are asking for a solution that automatically cancels a listing on OpenSea whenever it has been transferred to another wallet so that no fees will be paid for delisting.
An OpenSea spokesperson said that the marketplace is working on integrating a feature that notifies users of active listings when they transfer the active listed NFTs out of their wallet, reminding users to cancel their listings.
OpenSea is also in the process of reducing its default listing duration from six months to one month so that NFTs that are transferred back into OpenSea’s wallets after one month will have automatically expired.
The listing bug was brought to attention on December 31, three weeks before yesterday’s exploitation. Over a million dollars’ worth of NFTs were stolen in yesterday’s listing bug fiasco, including Bored Ape Yacht Club, Mutant Ape Yacht Club, Cool Cats and Cyberkongz NFTs.
According to blockchain security company Elliptic, “one attacker, going by the pseudonym ‘jpegdegenlove’ today paid a total of $133,000 for seven NFTs – before quickly selling them on for $934,000 in ether. Five hours later this ether was sent through Tornado Cash, a ‘mixing’ service that is used to prevent blockchain tracing of funds. Jpegdegenlove also seems to have partially compensated two of their victims – sending 20 ETH ($45,000) to TBALLER and 13 ETH ($30,000) to Vault327. Another attacker purchased a single Mutant Ape Yacht Club NFT for $10,600, before selling it on five hours later for $34,800”
In addition to the new listing manager, OpenSea has also been reaching out to users who have suffered from the attack to reimburse them.
Stay up to date: