it was a terrible start to the week for some Bored Ape Yacht Club (BAYC) owners.
A bug on OpenSea, the largest NFT marketplace in the world, saw their valuable art collection devalued by over 99%, leading to hundreds of thousands in losses.
Hackers exploited a bug that seemingly allows previously listed NFTs to be sold, even after the owner ‘de-lists’ them from the marketplace.
Basically, when you want to de-list your NFT from the marketplace, you sign a transaction blacklisting your listing. This process charges you some gas fees, which some owners are not fond of.
To avoid these fees, some simply choose to transfer the NFT from one ETH address to another. While this accomplishes the goal of de-listing the NFT from the marketplace, it doesn’t remove it from the marketplace database, thus the loophole.
In short, improper de-listing of your NFT means it is technically still on sale, sometimes for a fraction its true worth.
On Monday, someone exploited this glitch and made away with a few Bored Apes.
The first was Bored Ape #9991, which sold for 0.77 ETH. Owner @TBaller, was shocked cold when he saw his prized ape disappearing from his wallet, taking to Twitter to explain this blatant theft. Other owners also reported the same with their NFTs.
Meanwhile, the thief re-sold the stolen items at their real market price, generating a tidy profit. Bored Ape #9991 was re-sold for 84.2 ETH ($192,400), translating to a $190,000 profit.
The Ethereum wallet linked to the thief received over 400 ETH ($904,000) in OpenSea payouts over a 12-hour period.
In a strange act however, the thief sent 20ETH to his first victim @TBaller.
Other than BAYC, NFTs from Cool Cats and CyberKongz collections were also stolen.