The company is investigating what happened, but they still don’t know where the attack originated. Total, According to security service PeckShield, a total of 254 stolen NFTs have been recorded, including several from Decentraland and Bored Ape Yacht Club.
This modality is carried out through a false email, making the user believe that it is an official action of the platform. When you enter your details, attackers gain access to your account and can steal your NFTs. According to leaked captures, it would have been a supposed mail from OpenSea that would have requested to migrate the NFTs from the site, but from OpenSea they deny that way.
Devin Finzer, CEO of OpenSea, has also detailed what happened. First of all, the deceived users signed a partial contract, with a general authorization and large blank spaces. With that signature, the attackers completed the contract with a call to their own contract, which transferred ownership of the NFTs without making any payment. In summary, as described by the CEO of OpenSea, users were tricked into signing a “blank check”. The aspect that they have not confirmed yet is through which mechanism this phishing scam was carried out.
Because one of the strengths of NFTs is their traceability, it is possible to access the attacker’s Wallet. To warn of this problem, OpenSea has added a warning message indicating that these NFTs were obtained in a phishing attack.
The platform has opened an investigation to analyze how the attack occurred. For now, they only know that the scam originated outside of your website. Devin Fizer, co-founder and CEO of OpenSea, says “we are not aware of any of the affected users receiving or clicking on links in suspicious emails.”
According to The Verge, the attack appears to have exploited a vulnerability in the Wyvern Protocol, the open source standard underlying most NFT smart contracts. Typically, victims would have ended up signing a blank contract, and once signed, the attackers completed the rest of the contract to take their tokens.
Source: Ambito
David William is a talented author who has made a name for himself in the world of writing. He is a professional author who writes on a wide range of topics, from general interest to opinion news. David is currently working as a writer at 24 hours worlds where he brings his unique perspective and in-depth research to his articles, making them both informative and engaging.
