Earlier this week, some OpenSea users were shocked to find that their precious NFTs had been sold for next to nothing. And many, understandably, were devastated.
"I just lost an ape guys…. I'm crying…. How did this just happen????" tweeted an OpenSea user who goes by TBALLER on Monday, adding 15 crying emojis.
TBALLER saw their Bored Ape Yacht Club (BAYC) NFT get sold for around $1,800 on OpenSea — 99% below the floor price — due to a user interface (UI) issue on the NFT marketplace. The buyer who poached the NFT then resold it immediately for nearly $200,000, making a profit of $198,000 within an hour.
The issue, while not new, resurfaced in a big way this week. Blockchain analytics firm Elliptic identified at least three attackers who purchased more than eight NFTs worth over $1 million for much less than their market value on Monday. Those NFTs were from collections such as BAYC, Mutant Ape Yacht Club, Cool Cats, and CyberKongz. One attacker gained 332 ether (worth over $800,000) by purchasing NFTs below market value due to the issue, according to blockchain security firm PeckShield.
An OpenSea spokesperson told The Block that the company is "actively reaching out to and reimbursing affected users" who saw their NFTs get sold below market value due to the "confusing UI" issue. At the same time, the marketplace is trying its best to solve the problem by increasing awareness of it and giving users more visibility and control when managing their NFTs.
What is the issue?
Here's the root of the problem. Say an OpenSea user has an offer to sell their NFT at a certain price. Instead of canceling the offer, which means paying gas fees, they choose to move the NFT to a different wallet. The offer then no longer appears on OpenSea. But if they later move the NFT back to the same wallet, the offer still exists and is still valid, and anyone can accept it.
This issue is a much bigger deal when the NFT in question has shot up in value between the time of the original offer and the time it's moved back to the same wallet. While the user now believes their NFT to be worth hundreds of thousands of dollars (in the case of BAYC), the NFT gets sold at the original offer price, which might be as low as a thousand dollars. And it's this discrepancy that's causing such misfortune.
The only way to cancel a sell offer on OpenSea is to do an on-chain transaction, which is often costly due to high gas fees on Ethereum. This is why OpenSea users choose to move their NFTs to a different wallet instead of canceling their sell offer.
"Gas price evasion is driving bad design and bad behavior from users," Ledger CTO Charles Guillemet told The Block. "The challenge of scalability has never been so actual, and the solutions are Layer 2 [networks] and not off-chain logic tricks."
OpenSea has had this UI design since its launch. But the flaw has only been noticed by attackers in the last few months. The OpenSea spokesperson said the company has not communicated broadly about this issue "because we did not want to risk bringing it to the attention of bad actors who could abuse it at scale before we had mitigations in place."
"This is not an exploit or a bug — it's an issue that arises because of the nature of the blockchain," said the spokesperson. "OpenSea cannot cancel listings on behalf of users. Instead, users must cancel their own listings."
How is OpenSea trying to prevent it?
OpenSea said it has taken the UI issue "incredibly seriously" and is working on several product improvements.
First, the platform has launched a new listings manager that allows users to easily see and cancel their listings.
Second, OpenSea is changing its default listing duration from six months to one month so that if an NFT is transferred back into a wallet after one month, the listing will have expired, said the spokesperson.
OpenSea will further provide notifications to users when they transfer an NFT that has an active listing associated with it out of their wallet and ask them if they want to cancel it. If OpenSea has the user's email address associated with their OpenSea profile, it will also send them an email in that regard, said the spokesperson.
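The listing behavior described above, and the effect of the shorter default duration, as a small Python model. This is an added example, not OpenSea's code and not part of the original article; the wallet names, token id, prices and dates are constructed, and six months is approximated as 180 days.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Listing:
    order_id: str
    maker: str            # wallet that created the sell offer
    token: str
    price_eth: float
    listed_at: datetime
    duration: timedelta

def classify(listing, owner_of, cancelled, now):
    """State of a sell offer under the rules the article describes."""
    if listing.order_id in cancelled:
        return "cancelled"   # on-chain cancel: the only permanent removal
    if now >= listing.listed_at + listing.duration:
        return "expired"
    if owner_of.get(listing.token) != listing.maker:
        return "dormant"     # gone from the UI, valid again if the token returns
    return "fillable"

def audit(listings, owner_of, cancelled, now, floor_eth):
    """Offers the maker should cancel: live or dormant, priced below floor."""
    findings = []
    for item in listings:
        state = classify(item, owner_of, cancelled, now)
        floor = floor_eth.get(item.token, 0.0)
        if state in ("fillable", "dormant") and item.price_eth < floor:
            findings.append((item.order_id, state, item.price_eth, floor))
    return findings

# Constructed sample data (not taken from any real wallet or order).
T0 = datetime(2021, 6, 1)
DAY10 = T0 + timedelta(days=10)
OLD = Listing("order-1", "wallet-A", "APE#1", 0.8, T0, timedelta(days=180))
SHORT = replace(OLD, order_id="order-2", duration=timedelta(days=30))
FLOOR = {"APE#1": 80.0}

def timeline(listing, cancelled=frozenset()):
    """The article's scenario: listed, moved out on day 10, moved back on day 60."""
    steps = [(1, "wallet-A"), (10, "wallet-B"), (60, "wallet-A")]
    return [classify(listing, {listing.token: owner}, cancelled,
                     T0 + timedelta(days=day)) for day, owner in steps]

if __name__ == "__main__":
    print("six-month default:", timeline(OLD))
    print("one-month default:", timeline(SHORT))
    print("cancelled on-chain:", timeline(OLD, frozenset({"order-1"})))
    print("audit on day 10:", audit([OLD, SHORT], {"APE#1": "wallet-B"}, set(), DAY10, FLOOR))
```

The "dormant" state is the one the notification feature targets: the offer is invisible in the interface but has neither expired nor been cancelled.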
This is not the first time OpenSea users have run into problems. In September, a bug in the NFT marketplace accidentally destroyed at least 42 NFTs, worth a minimum of $100,000. Early last year, an OpenSea user named Tom Kuennen saw his NFT vanish from his wallet because the platform did not support ERC-1155 tokens at the time.
OpenSea is a market leader in the NFT space with over 60% market share currently — down significantly this month due to the increase in activity on LooksRare, which has largely been driven by wash trading. OpenSea recently raised $300 million in a Series C funding round that brought its valuation to $13.3 billion.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.