An OpenSea loophole has resulted in the cheap sale of a few BAYC and CryptoKitties NFTs and shaken confidence in NFTs themselves, but here’s how you can protect yourself. Hint: always pay the gas fee and close your listings when you no longer want to sell.
NFTs have taken the world by storm as one of the most fun and engaging investments available over the past few years, but hearing these headlines about blue-chip NFTs being “hacked” might make you nervous about interacting with the crypto world. Just in case you’re not familiar, tokens known as the Bored Ape Yacht Club (or BAYC) routinely sell for well over $100,000 and into the multimillion-dollar range. Recently, several of these blue-chip NFTs have sold for a fraction of their worth to “hackers” and were then resold at market value for a ridiculous profit. In some cases, the initial sale (where the hackers took advantage of the loophole) has been for less than 1 ETH for a BAYC token that would typically have a market value of no less than 91 ETH (at time of writing).
The good news is that it was a loophole that caused these unfortunate sales, not necessarily a true “security breach”, so we can take a deep breath. We’re going to go over exactly how this happened and a few best practices you can employ to protect your crypto assets. Let’s get to it.
So what exactly was this loophole? Imagine you bought a BAYC NFT and held it for a month or two. Prices skyrocket, so much so that you consider selling it. You even list it for sale, which most often doesn’t incur a gas fee (you can read OpenSea’s listing policy here). But the price keeps going up, faster than you thought.
Luckily it doesn’t sell immediately so you go to delist it, but delisting requires a gas fee to officially close the listing. Instead of paying to cancel the transaction, you simply transfer the NFT to a different wallet of yours. Presto, problem solved and gas fee avoided. Why pay for something that didn’t make you money, right? WRONG!
That’s what several people did. Unfortunately, when it’s done this way, the listing is never actually closed on the blockchain. Fast forward to today, when the BAYC floor price fluctuates between 80 and 90 ETH, and these people have set themselves up for a problem. Some forget that they had listed to sell at one point long ago and that the below-market-value listing has remained active (because they’d never paid the gas fee to close it). When the NFT returns to the wallet it was originally in when listed for sale, that listing becomes viable again. Boom. That’s how a few sneaky individuals were able to snipe these blue-chip NFTs at a huge discount and then sell them at market value for a gnarly profit.
In response to this loophole, OpenSea has reportedly (according to this post) been reimbursing victims of this problem. In addition to attempting to limit the damage done, they’ve created a new interface that shows all active listings to help people avoid this issue. Because OpenSea is simply a marketplace that sits between users and the blockchain and facilitates their interactions, they can’t close transactions for users. But they can make them more visible and organize them all in one place to minimize the risk of this happening again in the future.
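The mechanism described above, modeled as an added example (not code from OpenSea or from the original article): a listing stays buyable whenever it was never cancelled and the token sits in the wallet that listed it. The `Listing` model, wallet names, prices and floor value are constructed assumptions; the audit flags dormant below-floor listings that should be cancelled before the token moves back.

```python
from dataclasses import dataclass

@dataclass
class Listing:                      # simplified model, not OpenSea's order format
    token_id: int
    seller: str                     # wallet the listing was created from
    price_eth: float
    cancelled: bool = False         # True only once the seller paid gas to cancel

def is_fillable(listing, owner_of):
    """Buyable only if never cancelled AND the token sits in the listing wallet."""
    return not listing.cancelled and owner_of.get(listing.token_id) == listing.seller

def audit(listings, owner_of, my_wallets, floor_eth):
    """Map token_id -> (status, below_floor) for my uncancelled listings."""
    report = {}
    for lst in listings:
        holder = owner_of.get(lst.token_id)
        if lst.cancelled or lst.seller not in my_wallets or holder not in my_wallets:
            continue                # cancelled, not my listing, or token already gone
        # DORMANT: transferred away without cancelling; revives on return to seller
        status = "LIVE" if is_fillable(lst, owner_of) else "DORMANT"
        report[lst.token_id] = (status, lst.price_eth < floor_eth)
    return report

def demo():
    """Constructed scenario: wallet names, prices and floor are sample values."""
    main, cold = "0xMAIN", "0xCOLD"
    listings = [
        Listing(1, main, 0.9),                   # old listing, never cancelled
        Listing(2, main, 95.0),                  # current listing above the floor
        Listing(3, main, 1.5, cancelled=True),   # old listing, properly cancelled
    ]
    owner_of = {1: cold, 2: main, 3: cold}       # tokens 1 and 3 were moved to cold
    before = audit(listings, owner_of, {main, cold}, floor_eth=85.0)
    owner_of[1] = main                           # token 1 returns to the listing wallet
    owner_of[3] = main                           # token 3 returns too, but stays safe
    after = audit(listings, owner_of, {main, cold}, floor_eth=85.0)
    return before, after

if __name__ == "__main__":
    for label, report in zip(("before", "after"), demo()):
        print(label, report)
```

Any entry reported as `DORMANT` with `below_floor` set is a listing to cancel while the token is still parked in the other wallet.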
The moral of the story? In a world where we’re used to changing our minds on a whim and have grown accustomed to expecting immediate results, it’s best to interact with the blockchain carefully. Transactions are written in permanent pen, not pencil, so it’s best to be careful and methodical with your NFT purchases and sales. Always close your transactions and listings, even if it means paying a little extra gas. Cheers!