Hackers can sell blocked NFTs on OpenSea via the match advanced order function
In the latest OpenSea’s Seaport Protocol’s woes, a prominent NFT collector revealed that hackers could sell stolen Bored Ape Yacht Club (BAYC) NFTs via the protocol’s Match Advanced Order function.
OpenSea needs to review their stolen ape policy
An NFT collector known as “Franklinisbored”, the 6th largest BAYC NFT holder, recently tweeted about someone who exploited the NFT marketplace’s stolen ape policy and sold it to his collection despite being reviewed for suspicious activity (yellow mark).
Notably, it’s the second time in less than a week the hackers are exploiting OpenSea’s stolen Ape policy. On January 20, Franklin called out the NFT marketplace, asking them to fix their stolen ape policy.
In another tweet, Franklin noted that an ape with a yellow caution mark had been sold to an offer for 65 WETH. OpenSea collected 1.625 WETH in transaction fees, and the ape could not be resold.
Ideally, cybercriminals are now executing blocked NFTs sales using the Match Advanced Orders function. The function allows them to bypass OpenSea’s security policy that prevents blocked BAYC from selling, allowing them to mint and sell provided there’s a bidding buyer.
More loopholes in OpenSea’s protocol
It’s probably a loophole that hackers use to sell stolen NFTs after the alleged use of ‘magic’ to steal apes and NFTs from the OpenSea community. In December, users lost expensive tokens after hackers manipulated the private action feature to appear as a log-in and unintentionally entice users to release their token holdings.
The hackers used OpenSea’s Gasless Sales feature, which allows holders to sell NFTs by using an unreadable message to authorize the transaction. The unreadable message also allows one to place private auctions at predetermined prices.
Previously, OpenSea had launched the new security features in a fresh effort to stop crooks from reselling stolen NFTs. The company announced that it was testing its new system to flag NFTs involved in malicious transactions. The system is expected to detect stolen NFTs, ban their transactions on the marketplace, and protect other users from possible phishing attacks.
Lost hope for users
OpenSea is yet to protect its users from advanced NFT thefts. The company is partnering with other stakeholders in the industry to reduce scams, although it may not be well in time to help all its users.
Reacting to Franklin’s experience, users blamed it on OpenSea and expressed their thoughts about the NFT marketplace. @e22vault said: “Maybe it’s time we all stop using Opensea”. Another used by the name @babie_wtf’ stated: “Opensea isn’t the only market out there. Eventually, decentralized networks will prevail.”
OpenSea sales surge
For the first time in a year, OpenSea has witnessed a consecutive monthly surge in Ethereum NFT sales. The sales volume corresponding to January has already surpassed that of December. The largest NFT marketplace in the world processed over $320 million worth of Ethereum in NFT trades during January.
This may be a sign of positive things to come, since it’s the first time since April 2022 that OpenSea has registered growth in sales.
