We don’t make security themed that often, but we couldn’t get past a recent situation, that happened with one of the enthusiasts.
KingMgugga is a crypto Twitter member, who became a victim of a scam and is now sharing his devastating experience with us.
8 months ago BAYC was nowhere near to how successful it is right now and Mgugga’s dad bought a monkey for just 1 ETH. When the hype started he decided to earn a couple bucks and put the token up on sale for 1.49 ETH, lowering the price to 1.45 ETH some time after, making the ape sell out.
Mgugga decided to congratulate his dad with retirement and chose a creative way to do that. He found that same ape on sale for 17 ETH just 2 months after his dad sold it and bought the NFT to gift it as a present.
This is when things start getting mystical, because just 16 hours after Mgugga sees his dad’s monkey selling on OpenSea for 1.49 ETH. How could that happen if his dad possesses the token?
Looks like a scammer has performed an incredibly smart trick with OpenSea sell orders.
Considering OpenSea sales are decentralised, all the checks and transaction are left on chain after the execution and this helped the thief. After Mgugga’s dad lowered the price of ape all the way back in summer, previous 1.49 ETH price data was hidden away from OpenSea users and the seller, but left on chain before the token being transferred.
The thief found that hidden listing with the old price data and somehow activated it, buying the ape for 1.49 ETH. When the story got featured in the media other scammers started using the same scheme and even more tokens were duplicated because of this OpenSea AI exploit.
We are really sorry for all the people, who were tricked and unfortunately we can’t bring their tokens back, but we can tell you what to avoid in order to stay safe on OpenSea.
- The algorithm of price reduction, that OpenSea introduced was possibly created to rival Rarible, who started overtaking OpenSea in terms of transaction number and this algorithm isn’t ready yet, so you can just avoid using it.
- In case you need to change the price of the lot, the best way to do that would be transferring the token to another wallet and deleting the listing totally. You can then make a new listing, using the wallet, you transferred the token to.
- And most importantly, don’t buy the tokens, you have owned and changed price of previously, because that decreases the chances of being scammed that way significantly.
We really hope OpenSea will hear us soon and the exploit will be fixed, but till then you better be on the lookout.