Phishers Acquire $1.7 Million Worth of NFTs in Latest OpenSea Scandal

The recent OpenSea fiasco has resulted in the loss of millions worth of NFTs. This is another reminder to be on guard, and you should never blindly trust token sales or giveaways as a way to get free assets.

The “nft buy” is a command-line tool that allows users to purchase NFTs from the OpenSea marketplace. The latest scandal was that phishers acquired $1.7 million worth of NFTs in an instant.

Once again, OpenSea has been the victim of a security breach, this time in the shape of a phishing scandal. The theft of NFTs from Decentraland and Bored Ape Yacht Club collections occurred mostly between the hours of 5 and 8 p.m. ET on Saturday, February 19th.

Over the course of the assault, 254 tokens were taken from 32 individuals, with the estimated worth of the stolen commodities being about $1.7 million, according to a spreadsheet compiled by blockchain security provider PeckShield.

The assaults seem to have been aided by a flaw in the Wyvern Protocol, the open source standard that underpins the majority of NFT smart contracts. The assaults were outlined in two sections by OpenSea CEO Devin Finzer. First, he stated targets would have signed a partial contract that left broad authorization and big chunks unfilled.

Second, he highlighted that with such a signature in place, attackers would have been able to complete the contract with a call to their own contract, thereby transferring ownership of the NFTs to them without the need for payment. This effectively meant that the victims had signed blank checks, which the assailants then filled up before stealing the funds.

“I reviewed every transaction,” stated a Twitter user who goes by the handle Neso in a Twitter discussion about the incident. They all have genuine signatures from individuals who have lost NFTs, thus anybody who claims they haven’t been phished but have lost NFTs is unfortunately mistaken.”

This isn’t the first major security problem that OpenSea has encountered on its way to become a $13 billion platform; in the past, it has been subjected to a number of hacks that used aspects like obsolete contracts and poisoned tokens.

Despite the fact that the assaults occurred when OpenSea was modernizing its contract system, the platform has disputed that the attacks were the result of new contracts. The fact that just a limited number of users were effectively targeted in the event may support this theory. Finzer also said on Twitter that the assaults were not launched from OpenSea’s website, its different visitor systems, or any of the company’s emails. 

Follow OpenSea >> Twitter

 

Related Tags

  • nft trading platform
  • where to buy nft tokens
  • nft collectibles

Leave a Comment

Your email address will not be published.

Most Recent

Categories

Share:

Share on facebook
Share on twitter
Share on pinterest
Share on linkedin
Scroll to Top