VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
▰ METHOD
Undisclosed
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
An OpenSea user exploited a vulnerability in the non-fungible token (NFT) market to steal hundreds of ether (ETH) from the owners of well-known collectibles such as the Bored Ape Yacht Club (BAYC) and Cyber Kongs of several items. The vulnerability appears to be related to the listing mechanism exploited by the platform and allows users to earn around 347 ETH by purchasing some NFTs at the previous listing price on different markets. Attack method (per SlowMist): Listing mechanism loopholes. Reported loss: 347 ETH.
Sourced from
slowmist
Technical record
- chain
- —
- protocol
- OpenSea
- bug_class
- unknown
- date_occurred
- 2022-01-25
- loss_usd
- —
- source_id
- sm:opensea::2022-01-25
Related — same bug class