OpenSea Email Inadvertently Instructs Users to Mempool Exploitation

The largest NFT marketplace misinformed users, leading to a huge risk of mempool exploitation.

OpenSea Unintentionally Exposes Users to Risk of Exploitation 

OpenSea is at risk of losing its place as a top name in the Non-fungible Token (NFT) space. The largest NFT marketplace, in a bid to educate its users about their inactive NFT listings, sent out emails with misleading information. The information only made mempool exploitation easier to execute. 

The NFT marketplace sent out emails to users to cancel their inactive listings, ensuring they prevented their items from being sold at the inactive listing price. However, the instruction placed users at risk, as the move eventually gave exploiters the information needed to buy their NFTs at the original low price. Popular NFT collector on Twitter, Dingaling, warned users about the wrong information administered by OpenSea to its users. 

“Warning: Do not cancel your OS listings as stated in the email that OpenSea just sent out. Please first transfer your NFT to a different address and cancel the listing/s on the original address before sending it back. OS just put everyone at even more risk than before,” Dingaling tweeted on January 27th. 

OpenSea’s misleading email sent to users | Source

Dingaling’s thread on Twitter exposed the protocol’s incompetence after revealing how the information misled Niftygateway Artist, Swolfchan. According to Swolfchan’s Tweet on January 27th, 15 ETH was lost because of the email sent by OpenSea. 

“So i got two emails today from @opensea about listings, and lost 15 ETH+ from exactly what they are trying to prevent. I was told to please act urgently to cancel any inactive listing. Cancelled a 15 ETH MAYC @BoredApeYC, and it triggered a 6 ETH listing.. And sold?” Swolfchan wrote. 

The Right Information 

OpenSea, in the early hours of Friday, January 28th, discovered that the information had been used to exploit users. According to Dingaling, although the protocol updated its information, it was still misleading. 

“18 hours later and they’ve completely missed the point?! If you have already transferred an item back to your original wallet with old listings still fulfillable, revoke approvals first before cancelling orders. Do you even understand what happened @opensea?” the NFT art collector questioned the platform on Twitter. 

Source

Dingaling instructed users to prevent exploitation by transferring all the NFTs with “inactive Opensea listings” out of their addresses before canceling the live listings in their original addresses. NFTs can only be transferred back safely after all the listings are canceled. 

Alternatively, users can revoke the allowance of their NFTs to OpenSea on revoke.cash first before canceling the listings if they don’t want to transfer their NFTs. 

OpenSea has been on the wrong end of improvements recently. The protocol faced a series of problems towards the end of 2021, with website issuesirregularities in NFTs terms and conditions, and poor action from a top name in the OpenSea hierarchy. The latest blunder is not welcoming for the protocol, and it may pave the way for other Marketplaces, particularly on Binance Smart Chain (BSC), to move ahead in the pecking order. 

‍Source : bsc.news

Leave a Reply

Your email address will not be published.