Share this article
OpenSea Bug Allows Attackers to Get Massive Discount on Popular NFTs
The bug was spotted as early as December 2021.
Updated May 11, 2023, 5:05 p.m. Published Jan 24, 2022, 1:31 p.m.
A bug on the non-fungible tokens (NFT) marketplace OpenSea has allowed at least three attackers to secure massive discounts on several NFTs and make a huge profit.
- The bug, which was discovered as early as Dec. 31, 2021, allowed the attackers to buy NFTs at older, lower prices, and sell them for a hefty profit. Blockchain analytics firm Elliptic wrote in a blog post that one attacker called jpegdegenlove "paid a total of $133,000 for seven NFTs – before quickly selling them on for $934,000 in ether. Five hours later, this ether was sent through Tornado Cash, a 'mixing' service that is used to prevent blockchain tracing of funds."
- NFTs are digital assets on a blockchain that represent ownership of virtual or physical items. OpenSea is one of the largest marketplaces for NFTs.
- Elliptic estimates the market value of the affected NFTs to be over $1 million.
- Jpegdegenlove partially reimbursed two of the victims, sending them back a total of $75,000 on Monday, Elliptic said.
- Some users have been transferring their listed assets to other wallets to take them off the market place whilst avoiding the delisting fee, founder of NFT project freshdrops_io tweeted back in December.
- But even though the item may appear to be off the OpenSea front end, it is still accessible on OpenSea APIs and Rarible, another NFT marketplace.
- CoinDesk could not reach OpenSea for comment on this story.
- One NFT from the popular Bored Ape Yacht Club (BAYC) collection was listed under its July 2021 price of 23 ether, and the attacker was able to sell it for 135 ether, making a quick profit of more than 100 ether, tweeted Tal Be'ery, Chief Technology Officer of ZenGo crypto wallet.
- Asked about the bug, an OpenSea Discord admin confirmed to CoinDesk that "if you had an open listing that you never cancelled, or didn't hit its expiration, it still exists."
- "The thief had a bot to scan the blockchain for pending transactions that had low floor pending and bought them," Joe Vargas, an influencer who also runs his own NFT project, told CoinDesk.
- Bored Ape Yacht Club, Mutant Ape Yacht Club, CyberKongz and Cool Cats NFTs have been affected.
- One collector, who saw their BAYC sell for 0.77 ether, went on Twitter to express his shock when he realized his NFT had disappeared.
Yooo guys! Idk what just happened by why did my ape just sell for .77?????
— TBALLER.eth (@T_BALLER6) January 24, 2022
STORY CONTINUES BELOW
Read more: OpenSea Says It Patched an NFT Phishing Vulnerability
UPDATE (Jan. 24 17:56 UTC): Adds details from Elliptic's analysis.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Most Influential: Rushi Manche
The Movement Labs’ co-founder’s secret dealings and subsequent scandal stoked industry-wide anxieties about opaque token allocations and insider trading.
Top Stories
