NFT REVIEW NEWS Phishers Acquire $1.7 Million Worth of NFTs in Latest OpenSea Scandal

OpenSea has once again come to witness another security breach, this time in the form of an apparent phishing scandal. The attack, which saw the stealing of NFTs from Decentraland and Bored Ape Yacht Club collections, largely took place between the hours of 5PM and 8PM ET on Saturday 19th February.

A spreadsheet complied by blockchain security service PeckShield counted that 254 tokens were stolen from 32 users over the course of the attack, with the estimated value of the stolen goods amassing to around $1.7 million.

The attacks appear to have been facilitated by a flexibility in the Wyvern Protocol, the open source standard underlying most NFT smart contracts. OpenSea CEO Devin Finzer explained the attacks in two parts, where at first, he said targets would’ve signed a partial contract which left general authorisation and large portions left blank.

Secondly, and with such signature in place, he explained that attackers would’ve been able to complete the contract with a call to their own contract, which would therefore transfer ownership of the NFTs to them without payment needed. This essentially meant that targets of the attack had signed blank cheques, which attackers then filled in the rest before taking the holdings.

A Twitter user, who goes by the name of Neso addressed the occurrence in a Twitter thread, where they said:  “I checked every transaction. They all have valid signatures from the people who lost NFTs so anyone claiming they didn’t get phished but lost NFTs is sadly wrong”.

This is not the first significant security issue that OpenSea has faced throughout its journey to becoming a $13 billion-valued platform, as in the past, it has bared witness various attacks which leveraged elements such as old contracts and poisoned tokens.

Despite OpenSea being in the process of updating its contract system when the attacks took place, the platform has denied that the attacks originated from new contracts. This can perhaps be backed up by the fact that a relatively small number of users were successfully targeted in the event. Finzer also wrote on Twitter that the attacks had not originated from OpenSea’s website, its various visiting systems, or any emails from the company. 

Follow OpenSea >> Twitter

Want more? Connect with NFT Plazas

Join the Weekly Newsletter
Join our Discord
Follow us on Twitter
Like us on Facebook
Follow us on Instagram

*All investment/financial opinions expressed by NFT Plazas are from the personal research and experience of our site moderators and are intended as educational material only. Individuals are required to fully research any product prior to making any kind of investment.

Source link

If this article, video or photo intrigues any copyright, please indicate it to the author’s email or in the comment box.

What do you think?

26 NFT Points
Upvote Downvote


I am the curator of the NFT Review Market News. If the document or content infringes any copyright, please point it out in comments and it will be promptly removed. To all the articles we include the link of the Resource that appears as Source Link If this article, video or photo intrigues any copyright, please indicate it to the author's email or in the comment box.


Leave a Reply

Your email address will not be published.

NFT REVIEW NEWS #16 Cosmic Convos with Sailor Mars feat. Paola Pinna

NFT REVIEW NEWS Metaverse Explorer: Exploring ONYX by J.P. Morgan