TL; DR Breakdown
- OpenSea pays affected users $1.8 million
- Users were accessing OpenSea via a backchannel
- OpenSea solution puts users at risk
Over some weeks ago. OpenSea was involved in some issues with its user base. The issue started after they complained their listed pieces were undersold. In response, OpenSea has refunded all users affected by the inactive listing exploit. According to the company’s statement, it has awarded about $1.8 million in Ethereum to all the affected users across the platform.
Users were accessing OpenSea via a back door
Going by the previous update, the most affected users were those with the Bored Ape Yacht Club NFTs. The main issue here was that majority of these listings were sold at an old price instead of the updated price. The pieces were not taken away from the blockchain even though users could not access them using the OpenSea platform. What led to this was that most of the buyers of NFT used Tornado Cash to deposit funds into the platform.
Since their source could not be ascertained, the buyers could leverage this to purchase most of the listing at the old prices. However, analysts have mentioned that this system has long been in play. Going by the modus operandi, users are mandated to pay gas fees whenever they intend to carry out transactions on the blockchain. However, before the platform could allow users to choose when their listings would expire, some had been there without one. It requires the owners to pay fees to cancel them from listings.
OpenSea’s inactive listing exploit explained
In a bid to evade paying the gas fee for delisting their NFTs, a few of the platform users found a back door to do it for free. The back door requires them to send their NFTs into a wallet and back into the platform. With this, the listings would no longer be on OpenSea. However, they failed to understand that the backchannel made the listings inactive and some select traders could still access and buy them.
In a bid to help users avoid exploits, a mail was sent out where they were told to cancel their inactive listings swiftly. Taking to Twitter, an artist complained that the email was unprofessional, and made the issue worse. The steps could open artists to exploits where traders can still purchase their NFTs at a lower price.
