Non-fungible tokens (NFT) marketplace OpenSea launched a new listing manager, among other measures, to mitigate a user interface flaw that saw over $1 million worth of NFTs sold at prices far below their market value.
- On Monday, three attackers were able to take advantage of the bug and buy popular NFTs at older, lower prices, and sell them for a massive profit.
- An OpenSea spokesperson told CoinDesk via email that "this is not an exploit or a bug" but rather "an issue that arises because of the nature of the blockchain."
- The marketplace launched a new listing manager early on Tuesday, adding a dashboard that shows all of one user's inactive listings where they can cancel each listing with one click.
- "The fix only handles and solves for new users, as it only fix the facade (web app) and not the vulnerable contract itself," said Tal Be'ery, chief technology officer of crypto wallet ZenGo, told CoinDesk via Twitter. "Old users that re-listed their NFTs on OpenSea in the past are still vulnerable to such attack," whereas new users "simply cannot re-list NFTs without cancelling previous lists explicitly," he added.
- On top of the new dashboard, OpenSea has been reaching out to and reimbursing affected users, the spokesperson said, adding that they have not "communicated broadly about this issue" to avoid bringing it to the attention of bad actors.
- OpenSea also changed its default listing duration from six months to one month, and started notifying users if they have an active higher price listing when they reduce the price for the same item, the marketplace told CoinDesk.
- In the next two days, OpenSea will ship another two features to address the listing issue, the company said. The first feature is that when a user transfers an NFT out of their wallet for which they have an active listing, OpenSea will notify them that the NFT in question is an active listing, giving the users an option to cancel the transfer. The second feature is to email users when they transfer an NFT into a wallet with an active listing for that NFT.
UPDATE (Jan. 25, 19:11 UTC): Adds more details about OpenSea's current and future changes in the last two bullet points.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.