Droid.sbs
No Result
View All Result
No Result
View All Result
Droid.sbs
No Result
View All Result

$1.7million in NFTs stolen during an apparent phishing attempt on OpenSea customers

February 22, 2022
in Tech News
0
$1.7million in NFTs stolen during an apparent phishing attempt on OpenSea customers
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

OpenSea’s large user base was shaken by the theft of hundreds of NFTs by attackers on Saturday. The spreadsheet that was compiled by PeckShield, a blockchain security service, showed 254 tokens were stolen during the attack. This includes tokens from Decentraland Yacht Club and Bored Ape Yacht club.

The attacks targeted 32 people in total, with the majority taking place between 5 PM ET and 8 PM ET. Molly White, the blogger Web3 is Going Great estimated that the stolen tokens were worth more than $1.7 million.

It appears that the attack exploited a flexibility of the Wyvern Protocol. This open-source standard is the basis for most NFT smart contracts. One explanation, linked by Devin Finzer on Twitter, described the attack in two parts. First, the targets signed a partial agreement, which included a general authorization but large sections that were left unfilled. Once the signature was in place, attackers called to their contract and transferred ownership of NFTs without any payment. The attack targets had signed a blank cheque. Once that was done, attackers completed the contract with a call to their own contract, which transferred ownership of the NFTs without payment.

“I checked every transaction,” stated the user who goes under Neso. “They all have valid signatures of the people who lost NFTs. Anyone claiming that they weren’t phished is wrong but they lost NFTs are sadly mistaken.”

OpenSea, valued at $13Billion in a recent funding round has made it the most valuable company of the NFT boom. It provides a simple interface that allows users to browse and bid on tokens, without having to interact directly with the blockchain. This success has been accompanied by significant security problems. The company has faced attacks using poisoned or old tokens to steal valuable user holdings.

OpenSea was updating its contract system at the time of the attack, but OpenSea denies that the attack originated from the new contracts. This vulnerability is unlikely because there are so few targets. Any flaws in the wider platform could be exploited on an even greater scale.

Many details about the attack are still unclear, including the methods used by the attackers to convince targets to sign the half-empty contracts. Devin Finzer, OpenSea CEO, stated that the attacks were not from OpenSea’s website, the various listing systems or any email from the company. It is possible that there may be a common vector to the attack as hundreds of transactions were done in just hours. However, no link has been found.

Finzer tweeted that “We’ll keep you updated as we learn more regarding the exact nature of this phishing attack.” “If you have any specific information that might be of use, please DM @opensea_support.”

Tags: cybersecurityhackingNFTopenseaphishing
Next Post

The US Copyright Office states that an AI can’t copyright art

Related Posts

Amazon installs AI camera in UK delivery vans
Tech News

Amazon installs AI camera in UK delivery vans

July 6, 2022
YouTube is offering new ways for creators to make a living with shorts and online shopping
Tech News

YouTube is offering new ways for creators to make a living with shorts and online shopping

February 22, 2022
The US Copyright Office states that an AI can’t copyright art
Tech News

The US Copyright Office states that an AI can’t copyright art

February 22, 2022
Next Post
The US Copyright Office states that an AI can’t copyright art

The US Copyright Office states that an AI can't copyright art

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • About
  • Contact

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • Home
  • Privacy Policy

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist