TL;DR Breakdown
- Lead developer Nick Johnson’s account was hacked via NFTs.
- Opensea admitted to introducing a bug into the system.
- Similar incidents have occurred in the past.
Background
A few days ago, Nick Johnson, one of the lead developers for ENS, reported that his account was hacked. He noticed that 24.88 Ethers worth 100k USD were missing from his account and traced it back to Opensea where he noticed they wiped out all NFTs associated with him- rilxxlir.eth in particular which is an Ethereum Name Service or “nameservers” as we know them – meaning this user’s content can now be stored on a blockchain.
Nick discovered this bug while transferring his NFT from an ENS account to a personal one. He noticed that the token was sent to burn, with about 42 other collectors losing their funds as well.
I went to Opensea, hit ‘transfer’ and entered ‘nick.eth’ Moments later, transaction complete! rilxxlir.eth transferred to 0x0000…0000edd899b. Wait, what?
Nick Johnson
The above statement was his reaction.
Johnson also noticed that the bug had been introduced on the platform’s transfer page as a result of his interaction with this interface. All transactions involving ENS names were affected by it, and he knew what to do about them.
Opensea contacted users that were affected by the bug, where sending an NFT to an ENS name sent it to an encoded version of the literal text (e.g. “OS.eth”) rather than the associated address.
In the Cryptocurrency world, burning is not a strange term. By “permanently destroying a number of coins”, burning helps to confer significance on what’s left in circulation. While “burned” coins or tokens are rendered unusable as a result of this process, coins in circulation gain value. Larger coins, such as Bitcoin and Ethereum, do not usually take this route.
A Bug Burner is a completely different scenario; these bugs allow an attacker to generate random private transaction keys. After that, the private keys are modified to ensure that multiple transactions are sent to the stealth address, also known as the burn address.
Opinion
Opensea is a peer-to-peer cryptocurrency marketplace that allows you to buy and sell any virtual goods, including games. As of the 20th of July, 2021 their valuation had reached $1.5 billion.
If this incident occurs again, it is possible that Openseas’s patronage will suffer. OpenSea should be commended for responding quickly to the bug issue.
Furthermore, OpenSea should have informed the general public that they were introducing a bug into the system.
The NFT Marketplace’s sales have also dropped from over $1 billion to $217 million. It can be deduced from the Bug burning incident that Opensea is taking steps to make the NFTs Marketplace a more secure place from hacker attacks, as sales figures indicate that NFTs may be losing their relevance.
Similar incidents in the past
In 2017, approximately $300 million in cryptocurrency was unintentionally lost due to a bug burner. A user inadvertently gained access to hundreds of wallets containing the cryptocurrency Ether. Although the user attempted to return the coins to their rightful owner, he inadvertently destroyed them. This event was very similar to the one that occurred in 2017.
We believe the bugs have been fixed, but we are unsure whether the NFTs have been recovered. It is extremely unlikely that coins sent in error can be recovered, but this does not rule out the possibility. Some exchange platforms offer this chance. Exorbitant cross-chain recovery fees are charged by exchange platforms, which profit greatly from this process.
Conclusion
Bug Burners could pose a great risk to NFTs. NFT Marketplaces must put in the necessary security measures to make sure that NFTs remain secure as security will help to foster trust in NFTs projects. Artists and creators will only invest in secure projects.
