red 
The bug was exploited to buy NFTs from OpenSea users, at well below market value. In this way, NFTs with a market value of $1.1 million were purchased.
Elliptic has identified at least five attackers who exploited this loophole to purchase at least twelve NFTs for far less than their market value. These include Bored Ape Yacht Club, Mutant Ape Yacht Club, Cool Cats and Cyberkongz NFT.
The NFT was bought using exploitation and then resold for a significant profit
For example, around 7am on January 24th, Bored Ape Yacht Club NFT #9991 was purchased for 0.77 ETH ($1,800). This family of NFTs is currently trading for at least $198,000. Twenty minutes later the hacker sold the NFT for 84.2 ETH ($196,000) – making a profit of $194,000.
One attacker, under the pseudonym”jpegdegenlove” paid a total of $133,000 for seven NFTs – before quickly selling them for $934,000 in ether. Five hours later this ether was sent via Tornado Cash, a “mixing” service used to prevent blockchain tracking of funds.
Jpegdegenlove also appears to have partially compensated two of his victims – sending 20 ETH ($45,000) to TBALLER and 13 ETH ($30,000) for Vault327.
Another attacker bought one Mutant Ape Yacht Club NFT for $10,600, before selling it five hours later for $34,800.
The exploit It seems to rely on the fact that NFT holders are not aware that old listings on the market for their NFTs are still active. Those old listings are now being used to buy NFTs at the prices the seller chose in the past – often well below current market prices.
These exploiters, along with those associated with other NFT scams, can be traced using Elliptic’s cryptoasset and wallet transaction verification solutions.
