Non-fungible tokens (NFT) marketplace OpenSea launched a new listing manager, among other measures, to mitigate a user interface flaw that saw over $1 million worth of NFTs sold at prices far below their market value.
- On Monday, three attackers were able to take advantage of the bug and buy popular NFTs at older, lower prices, and sell them for a massive profit.
- An OpenSea spokesperson told CoinDesk via email that "this is not an exploit or a bug" but rather "an issue that arises because of the nature of the blockchain."
- The marketplace launched a new listing manager early on Tuesday, adding a dashboard that shows all of one user's inactive listings where they can cancel each listing with one click.
- "The fix only handles and solves for new users, as it only fix the facade (web app) and not the vulnerable contract itself," said Tal Be'ery, chief technology officer of crypto wallet ZenGo, told CoinDesk via Twitter. "Old users that re-listed their NFTs on OpenSea in the past are still vulnerable to such attack," whereas new users "simply cannot re-list NFTs without cancelling previous lists explicitly," he added.
- On top of the new dashboard, OpenSea has been reaching out to and reimbursing affected users, the spokesperson said, adding that they have not "communicated broadly about this issue" to avoid bringing it to the attention of bad actors.
- OpenSea also changed its default listing duration from six months to one month, and started notifying users if they have an active higher price listing when they reduce the price for the same item, the marketplace told CoinDesk.
- In the next two days, OpenSea will ship another two features to address the listing issue, the company said. The first feature is that when a user transfers an NFT out of their wallet for which they have an active listing, OpenSea will notify them that the NFT in question is an active listing, giving the users an option to cancel the transfer. The second feature is to email users when they transfer an NFT into a wallet with an active listing for that NFT.
UPDATE (Jan. 25, 19:11 UTC): Adds more details about OpenSea's current and future changes in the last two bullet points.
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.