Русский 
中文 
Eesti 
Español 
Deutsch 
Български 
Türkçe 
OpenSea at the Center of Scandal: Bored Apes NFT Collection Theft and Litigation
12.04.2022
The OpenSea marketplace was at the center of a high-profile scandal - the site was accused of stealing and hiding Bored Apes tokens, which were never put on sale. Three lawsuits were filed at OpenSea at once.
Three users became victims. Timmy McKimmy and Michael Valis said they lost their BAYC assets through attack and hacking by third parties. According to the victims, the attackers acted through holes in the code of the OpenSea site. The third victim, Robert Armijo, lost his assets as a result of clicking on a phishing link. At the same time, the user claims that OpenSea did not interfere with this in any way.
According to the lawyer of one of the victims, his token number 8858 never went on sale - the marketplace simply did not list it. At the same time, the site requires a connection to user wallets so that other users can see which tokens are currently available.
Having made an application for the purchase of a token, the hacker exploited the vulnerability and corrected the program code of the site in such a way that he completed the sale to himself. Within an hour, the received NFT was resold to another, real user.
According to OpenSea, the hacker arranged to sell NFTs to himself at a price of 0.01 ETH, with a real average price of 112.9. Later, another client purchased a token from a hacker at an inflated cost.
The lawyer stressed that the victim had repeatedly contacted the OpenSea administration to resolve the incident and return the lost token. However, all efforts ended with the marketplace's statement about the proceedings in the incident.
The Robert Armijo Incident
The third victim, Robert Armijo, lost several NFTs at once. As stated in the lawsuit, the victim agreed with a third party to sell tokens on Discord. The scammer offered to go to a specific website address for a sale and a subsequent transaction. After this action, the owner completely lost control of his tokens. Thus, the address turned out to be phishing.
Although OpenSea is not directly connected to this incident, Armijo suggests that this is where the scammer turned in the hope of selling NFT as soon as possible.
As a result, the attacker used another marketplace - LooksRare. The victim also filed a lawsuit against this site.
Three users became victims. Timmy McKimmy and Michael Valis said they lost their BAYC assets through attack and hacking by third parties. According to the victims, the attackers acted through holes in the code of the OpenSea site. The third victim, Robert Armijo, lost his assets as a result of clicking on a phishing link. At the same time, the user claims that OpenSea did not interfere with this in any way.
According to the lawyer of one of the victims, his token number 8858 never went on sale - the marketplace simply did not list it. At the same time, the site requires a connection to user wallets so that other users can see which tokens are currently available.
Having made an application for the purchase of a token, the hacker exploited the vulnerability and corrected the program code of the site in such a way that he completed the sale to himself. Within an hour, the received NFT was resold to another, real user.
According to OpenSea, the hacker arranged to sell NFTs to himself at a price of 0.01 ETH, with a real average price of 112.9. Later, another client purchased a token from a hacker at an inflated cost.
The lawyer stressed that the victim had repeatedly contacted the OpenSea administration to resolve the incident and return the lost token. However, all efforts ended with the marketplace's statement about the proceedings in the incident.
The Robert Armijo Incident
The third victim, Robert Armijo, lost several NFTs at once. As stated in the lawsuit, the victim agreed with a third party to sell tokens on Discord. The scammer offered to go to a specific website address for a sale and a subsequent transaction. After this action, the owner completely lost control of his tokens. Thus, the address turned out to be phishing.
Although OpenSea is not directly connected to this incident, Armijo suggests that this is where the scammer turned in the hope of selling NFT as soon as possible.
As a result, the attacker used another marketplace - LooksRare. The victim also filed a lawsuit against this site.