Connect with us

NFT

$1.7 Million in NFTs were stolen in an apparent phishing attack against OpenSea users

OpenSea’s large user base was shaken by the theft of hundreds of NFTs on Saturday. A spreadsheet compiled by the blockchain security service PeckShield counted 254 tokens stolen over the course of the attack, including tokens from Decentraland and Bored Ape Yacht Club.

The bulk of the attacks took place between 5PM and 8PM ET, targeting 32 users in total. Molly White, the blogger Web3 is Going Great estimated that the stolen tokens were worth more then $1.7 million ..

The attack seems to have taken advantage of a flexibility in the Wyvern Protocol ,, the open-source standard that underlies most NFT smart contracts including OpenSea. One explanation, linked by Devin Finzer on twitter , described the attack in two parts. First, the targets signed a partial agreement, which included a general authorization but large sections left empty. Once the signature was in place, attackers signed the contract and called for their contract. This contract transferred ownership of NFTs to them without any payment. The attack targets had signed a blank cheque. Once that was done, attackers completed the contract with a call to their own contract, which transferred ownership of the NFTs without payment.

“I verified every transaction,” stated the user ,, who goes by Neso. “They all have valid signatures of the people who lost NFTs, so anyone claiming that they weren’t phished is wrong .”

Valued at $13 billion in a recent funding round, OpenSea has become one of the most valuable companies of the NFT boom, providing a simple interface for users to list, browse, and bid on tokens without interacting directly with the blockchain. That success has come with significant security issues, as the company has struggled with attacks that leveraged old contracts or poisoned tokens to steal users’ valuable holdings.

OpenSea was in the process of updating its contract system when the attack took place, but OpenSea has denied that the attack originated with the new contracts. This vulnerability is unlikely because there are so few targets. Any flaws in the wider platform could be exploited on an even greater scale.

Still, many details of the attack remain unclear — particularly the method attackers used to get targets to sign the half-empty contract. Writing on Twitter shortly before 3AM ET, OpenSea CEO Devin Finzer said the attacks had not originated from OpenSea’s website, its various listing systems, or any emails from the company. The attack’s rapid pace — hundreds of transactions in just hours — suggest a common vector, but no link has been found.

“We’ll keep you updated as we learn more about the exact nature of the phishing attack,” said Finzer on Twitter. “If you have specific information that could be useful, please DM @opensea_support.”

Emma Roth also contributed reporting.

Read More

NFT

Digital Collectibles Explode—Cryptopunks Soar 665% Amid $179M NFT Market Surge

With crypto markets buzzing this week, non-fungible token (NFT) sales followed a similar trajectory, climbing an impressive 90.74% compared to the previous week. Ethereum and Bitcoin NFT Collections Fuel a $179M Weekly Bonanza From Nov. 9 to Nov. 16, NFT sales totaled $179.48 million, as reported by cryptoslam.io…
Read More

Continue Reading

NFT

October Sees Lower NFT Sales Volume With Few Collections Standing Out

After a downtrodden September, non-fungible token (NFT) sales dropped further in October, totaling $361 million—a 36% decrease. NFT Sales Fall 36% in October, Totaling $361 Million NFT sales in October didn’t quite bounce back, showing a 36% decline after September’s 47.9% dip. The month saw around $361.5 million in sales…
Read More

Continue Reading

NFT

Ginoa to List on MEXC Global Exchange on October 31, 2024

PRESS RELEASE. Ginoa, a pioneer in AI-driven solutions for NFTs and the Metaverse, is excited to announce its upcoming listing on MEXC Global Exchange on October 31, 2024. This significant milestone will bring Ginoa’s innovative platform and GINOA token to a global audience, enhancing both liquidity and accessibility…
Read More

Continue Reading

Trending

Copyright © 2017 Zox News Theme. Theme by MVP Themes, powered by WordPress.