In most cases, the transactions initiated through the front-end user interface will be communicated and executed on the NFT platform’s smart contract through an API. While instances of API exploits have not been numerous, it is worth noting that they may harbor vulnerabilities. These may arise from time delays in communicating frontend interactions to the smart contract or functioning in a manner that is not apparent on a platform’s front end.
https://finance.yahoo.com/news/marketplace-exploit-leads-catastrophic-losses-131904566.html