Giant marketplace OpenSea has been making headlines this month because of a listings-related bug. Over the past week, many collectors found their blue-chip NFTs sold for ridiculously low sums as a result.
This week, the company tried to fix the situation by asking its users to cancel old, inactive listings of their NFTs. However, one NFT collector discovered that this advice puts NFT holders at an even higher risk than before!
Why is OpenSea’s listings advice dangerous?
Over the past few days, we’ve seen NFTs such as Bored Apes and Cool Cats getting sold for a bargain. This caused a stir among OpenSea users, who asked the company to take action immediately.
As a first response, the giant marketplace reimbursed victims affected by the glitch. Then, officials asked collectors via e-mail to cancel their old inactive listings:
“We are writing to you because your account has at least one inactive listing on an item. (…) To prevent any of your items from being sold at the inactive listing price, please act urgently to cancel any inactive listings,” the company wrote.
However, the company made a mistake again, as Twitter NFT influencer @dingalingts discovered:
Explaining the new OpenSea bug
Basically, if you cancel an old inactive listing, hackers are able to see the cancellation transaction waiting in the ETH mempool. The pending transaction reveals your transaction details, including your signature; as a result, hackers can easily detect other old listings of the very NFT you’re canceling, and use those to buy your digital asset.
Why is this more dangerous? Well, according to @dingalingts, checking the ETH mempool is much easier than looking through the OpenSea APIs for old, inactive orders. In essence, every NFT holder trying to cancel their listings attracts hackers looking to steal their digital assets.
Sadly, this has already happened to many collectors over the past few hours:
This is just one example. Likewise, a World of Women NFT sold for 20% of the collection’s floor after its holder canceled one of the old inactive listings.
Obviously, the NFT community is taken aback, considering that OpenSea is the largest NFT marketplace worldwide. As Twitter users are trying to spread the word on the danger, the victims once again await some form of compensation.
Thankfully, some community members are helping collectors out too. In the past few days, several Recovery Bot Twitter accounts surfaced. These anonymous collectors identify (and purchase) stolen NFTs to return them to their initial holders.