$1.7 Million in NFTs were stolen in an apparent phishing attack against OpenSea users

OpenSea’s large user base was shaken by the theft of hundreds of NFTs on Saturday. A spreadsheet compiled by the blockchain security service PeckShield counted 254 tokens stolen over the course of the attack, including tokens from Decentraland and Bored Ape Yacht Club.

The bulk of the attacks took place between 5PM and 8PM ET, targeting 32 users in total. Molly White, the blogger behind Web3 is Going Great, estimated that the stolen tokens were worth more than $1.7 million.

The attack seems to have taken advantage of a flexibility in the Wyvern Protocol, the open-source standard that underlies most NFT smart contracts, including OpenSea’s. One explanation, linked by Devin Finzer on Twitter, described the attack in two parts. First, the targets signed a partial agreement, which included a general authorization but had large sections left empty. Once the signature was in place, attackers completed the contract with a call to their own contract, which transferred ownership of the NFTs to them without any payment. In effect, the targets of the attack had signed a blank cheque.
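
A wallet-side check for the pattern described above (blank sections, no payment, a call to an unfamiliar contract), as an added example that is not code from OpenSea, Wyvern or the original article. The field names, the strict policy and every address are illustrative assumptions.

```javascript
// Added example: strict pre-signature review of an off-chain order payload.
// Field names, policy and addresses are illustrative assumptions (constructed).

// "Left empty" = missing, empty string, empty calldata ("0x"), or all zeros.
function isBlank(value) {
  if (value === undefined || value === null) return true;
  const s = String(value).trim().toLowerCase();
  return s === "" || s === "0x" || /^(0x)?0+$/.test(s);
}

function reviewOrderBeforeSigning(order, trustedTargets) {
  const findings = [];
  // 1. Sections left for someone else to fill in after the signature exists.
  const mustBeFilled = ["maker", "target", "calldata", "expirationTime"];
  const blank = mustBeFilled.filter((field) => isBlank(order[field]));
  if (blank.length > 0) {
    findings.push({ code: "BLANK_FIELDS", detail: blank.join(", ") });
  }
  // 2. An order that moves the asset for no payment.
  if (isBlank(order.basePrice)) {
    findings.push({ code: "ZERO_PRICE", detail: "basePrice is empty or zero" });
  }
  // 3. A call routed to a contract the user has not chosen to trust.
  const target = String(order.target ?? "").toLowerCase();
  if (!isBlank(target) && !trustedTargets.has(target)) {
    findings.push({ code: "UNTRUSTED_TARGET", detail: target });
  }
  return { safeToSign: findings.length === 0, findings };
}

// Constructed sample data; none of these values come from the incident.
const TRUSTED_TARGETS = new Set(["0x" + "a".repeat(40)]);
const completeListing = {
  maker: "0x" + "1".repeat(40), target: "0x" + "a".repeat(40),
  calldata: "0xabcdef01", basePrice: "1500000000000000000",
  expirationTime: 1645400000,
};
const partialRequest = {
  maker: "0x" + "1".repeat(40), target: "0x" + "b".repeat(40),
  calldata: "0x", basePrice: "0", expirationTime: 0,
};

for (const [name, order] of Object.entries({ completeListing, partialRequest })) {
  const { safeToSign, findings } = reviewOrderBeforeSigning(order, TRUSTED_TARGETS);
  console.log(name, safeToSign ? "OK to sign" : "REFUSE", findings.map((f) => f.code));
}
```

The check runs before the signing prompt, because once a valid signature exists over a partly blank order, whoever holds it decides what fills the blanks.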

“I verified every transaction,” stated the user, who goes by Neso. “They all have valid signatures of the people who lost NFTs, so anyone claiming that they weren’t phished is wrong.”

Valued at $13 billion in a recent funding round, OpenSea has become one of the most valuable companies of the NFT boom, providing a simple interface for users to list, browse, and bid on tokens without interacting directly with the blockchain. That success has come with significant security issues, as the company has struggled with attacks that leveraged old contracts or poisoned tokens to steal users’ valuable holdings.

OpenSea was in the process of updating its contract system when the attack took place, but the company has denied that the attack originated with the new contracts. The small number of targets makes such a vulnerability unlikely, since any flaw in the wider platform could be exploited on an even greater scale.

Still, many details of the attack remain unclear, particularly the method attackers used to get targets to sign the half-empty contract. Writing on Twitter shortly before 3AM ET, OpenSea CEO Devin Finzer said the attacks had not originated from OpenSea’s website, its various listing systems, or any emails from the company. The attack’s rapid pace, with hundreds of transactions in just hours, suggests a common vector, but no link has been found.

“We’ll keep you updated as we learn more about the exact nature of the phishing attack,” said Finzer on Twitter. “If you have specific information that could be useful, please DM @opensea_support.”

Emma Roth also contributed reporting.
