OpenSea users lose a collective $1.8 million to an issue allowing people to buy NFTs at low prices from old OpenSea listings the sellers thought they'd deleted

Bored Ape illustration: light brown ape with a laurel crown, coins over its eyes, and an army jacket on a light blue background.Bored Ape #9991 (attribution)
A horrified (former) owner of a Bored Ape tweeted that his NFT had just unexpectedly sold for a measly 0.77 ETH (about $1,700) and that "I cant financially afford that loss". The purchaser netted a handsome profit by quickly reselling the NFT for 84.2 ETH ($190,000). It appears that the buyer took advantage of the fact that they could still purchase NFTs that had previously been listed for sale at a lower price, even once the owner thought they had removed the listing. In about 90 minutes, the person was able to exploit the issue by buying and selling several different NFTs for a total profit of about $880,000.

A software engineer investigating the incident attributed it to OpenSea's choice to do many of their operations off-chain to save on the expensive gas fees required for any Ethereum blockchain transaction, saying this introduced a disparity where updates were not reflected on-chain. Another person investigating the apparent issue reported that this looked to be the same "glitch" as earlier this month, where users tried to avoid paying the gas fees to delist their NFT sales by swapping them out of their wallet and back again, not realizing the listing would still be active when the NFT was returned.

OpenSea added an "Inactive listings" page to allow people to view listings that are still associated with NFTs that have been transfered out of the wallet, though the feature doesn't seem to have been widely publicized and it's not clear when it was released. They also later reimbursed users who suffered losses from this exploit, to the tune of about $1.8 million.