Hacker’s Ingenious New Method to Enable Private Sales
A hacker known as “Pink Drainer” has discovered a method to enable private sales on Blur, a platform that typically does not offer this feature. The revelation, first shared by Twitter user Quit, could significantly alter the dynamics of the NFT marketplace.
Breaking Down the Boundaries of Blur
Blur, an NFT marketplace, traditionally does not offer private listings. Any user can fulfill any listing created on the platform. However, Pink Drainer has found a way to purchase items for near zero ether (ETH) on Blur by exploiting the royalty system in an unusual way.
The Role of the Royalty System in Exploiting Blur
Typically, if a scammer tricks a victim into creating a Blur listing for the minimum amount of ETH, arbitrage bots would outpace them. These bots are willing to pay most of the value of the NFT in fees to block validators, thereby securing the purchase for themselves. This situation isn’t ideal for phishing hackers such as Pink Drainer.
Innovative Phishing Methods Employed by Pink Drainer
Pink Drainer has devised a scheme to counteract this. The listing sets royalties to 100% and names as the royalty recipient a contract that reverts for any transaction in which Pink Drainer is not the origin. Because a purchase attempted by anyone else fails, the hacker effectively makes it a private listing on Blur.
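From the defender's side, the listing described above carries visible markers before it is signed: a near-zero price, fees totalling 100%, and a fee recipient that is not the collection's usual royalty address. The check below is an added example, not code from Blur or from the original article; the `Listing` and `Fee` structures, the thresholds and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

BPS = 10_000  # 100% in basis points


@dataclass
class Fee:                      # hypothetical decoded fee entry
    rate_bps: int               # share of the sale price sent to `recipient`
    recipient: str


@dataclass
class Listing:                  # hypothetical, simplified decoded listing
    collection: str
    price_wei: int
    fees: list = field(default_factory=list)


def seller_proceeds(listing):
    """Wei the seller keeps after all fees are deducted from the price."""
    total = min(sum(f.rate_bps for f in listing.fees), BPS)
    return listing.price_wei * (BPS - total) // BPS


def screen_listing(listing, floor_wei, known_recipients,
                   max_royalty_bps=1_000, min_floor_pct=50):
    """Return warning codes for a listing a user is being asked to sign."""
    findings = []
    if listing.price_wei * 100 < floor_wei * min_floor_pct:
        findings.append("price-far-below-floor")
    if sum(f.rate_bps for f in listing.fees) >= BPS:
        findings.append("seller-receives-nothing")
    expected = {a.lower() for a in known_recipients.get(listing.collection, ())}
    for fee in listing.fees:
        if fee.rate_bps > max_royalty_bps:
            findings.append("royalty-above-cap")
        if fee.recipient.lower() not in expected:
            findings.append("unknown-fee-recipient")
    return findings


# Constructed sample data: addresses and prices are placeholders.
COLLECTION = "0x" + "c0" * 20
KNOWN = {COLLECTION: ["0x" + "aa" * 20]}
FLOOR = 2 * 10**18
SUSPICIOUS = Listing(COLLECTION, 1, [Fee(10_000, "0x" + "bb" * 20)])
ORDINARY = Listing(COLLECTION, 2 * 10**18, [Fee(500, "0x" + "AA" * 20)])

if __name__ == "__main__":
    print(screen_listing(SUSPICIOUS, FLOOR, KNOWN))
    print(screen_listing(ORDINARY, FLOOR, KNOWN))
```

A static check like this cannot tell whether the recipient contract reverts for other buyers; it flags only the listing parameters the article describes.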
Implications of Pink Drainer’s Technique
As Quit elucidates, this technique could potentially be used by others to create legitimate private listings on Blur. It might even inspire the development of a frontend that simplifies this process. Despite its origins in illicit activity, this technique could make a positive contribution to the NFT space by introducing a new feature to Blur that was previously unavailable.