OpenSea has now refunded consumers who sold valuable NFTs at substantially below their going market rate due to an exploit involving "inactive listings". It reimbursed a combined total of 750 Ethereum ($1.8 million).
Several users of the largest NFT marketplace recently reported that their high-end NFTs, such as those from the Bored Ape Yacht Club (BAYC) collection, was bought at previous, low listing prices. Even though the user interface on OpenSea suggested the contrary, these listings were never cancelled on the blockchain.
What made this happen? Tech-savvy users have been funnelling money into crypto wallet addresses without disclosing the source, then using those monies to acquire NFTs at previous listing prices via services like Tornado Cash.
This isn't a brand-new exploit. Users must pay a gas price to complete transactions on the Ethereum blockchain, including cancelling a listing on OpenSea that has not yet expired.
Some NFT owners discovered a loophole to avoid paying Ethereum gas fees, which may quickly run into the hundreds of dollars for a single transaction. The listing on the OpenSea UI vanished if they transferred the NFT to a secondary wallet and then returned it to the initial wallet.
The listing, however, had changed from "active" to "inactive." Inactive listings can still be bought by blockchain professionals who deal directly with the smart contracts themselves rather than through OpenSea's interface.
In response, on January 24, OpenSea launched an "inactive listings" feature on its desktop site.
OpenSea informed some BAYC holders earlier this week that they would be reimbursed some Ethereum for their losses. Tballer, who lost Ape #9991 for 0.77 ETH (about $1,700), will have to pay 130 ETH ($330,000) to get his Ape back.
"Fixing this issue is our #1 company priority," OpenSea co-founder Alex Atallah. We have a team working on it right now, and we're putting a countermeasure in place."
Ledger CTO Charles Guillemet provides a few suggestions for those solutions: "An alternative design could have avoided such a problem," says the author. The UI on OpenSea, according to Guillemet, should have been more user-friendly. He stated, "Transferring the NFT should not remove the sell order from the UI."