Leading NFT marketplace OpenSea is investigating “rumors of an exploit” related to smart contracts associated with its platform. Earlier, a series of tweets from concerned NFT traders went viral. The vulnerability could have cost them many valuable NFTs.
The following was posted on OpenSea’s Twitter account: “We are actively investigating rumors of an exploit related to OpenSea smart contracts. It appears to be a phishing attack originating from outside the OpenSea website. People should not click on links outside of opensea.io.”
Born2Invest mobile application is bringing all the crypto and business news from trusted sources to a single screen so you can stay on top of the market. The application is aggregating the most important and breaking news from relevant websites, the list is always revised and updated with new resources.
Phishing on the NFT marketplace OpenSea
NFT traders wrote on Twitter that they allegedly received official emails from OpenSea about the migration of smart contracts.
Well-known security firm PeckShield reviewed the smart contracts and stated that the exploit in question was “most likely phishing.” A seemingly normal link hides a smart contract that hackers can use to gain access to NFTs. PeckShield cited emails about the migration process as a possible source of the link.
The alleged attacker’s address contains about $1.7 million worth of Ether, as well as two Cool Cats NFTs, three Bored Ape Yacht Club NFTs, a Doodle NFT, and an Azuki NFT. Etherscan subsequently placed a “phish/hack” warning label on the address.
OpenSea was planning to change its smart contract (basically the code for its trading platform) by releasing a brand new contract on Friday. The idea was that the updated contract would take care of deleting old and inactive listings on OpenSea.
Last month, the company sent users a short email with the subject “Clarification on Cancelling Inactive Listings.” The email reminded users to delete old listings.
The problem with smart contracts
The cancellation of an old listing is still an on-chain transaction, meaning it is added to the very end of the blockchain. Cybercriminals looking for new transactions might notice someone deleting an old entry. As a result, they start digging through the other old entries to find an offer below market price.
Some hackers pay an additional fee to front-run a cancellation and make a sale before the user can complete the transaction. Frontrunning is a common problem on Ethereum and other proof-of-work blockchains.
OpenSea has not been able to fix the issue at the time of writing. Most recently, the following announcement was published: “Our team has been working around the clock to investigate the specific details of this phishing attack. While we haven’t yet determined the exact source, we wanted to share a couple of EOD updates.”
DISCLAIMER: This article was written by a third party contributor and does not reflect the opinion of Born2Invest, its management, staff or its associates. Please review our disclaimer for more information.
This article may include forward-looking statements. These forward-looking statements generally are identified by the words “believe,” “project,” “estimate,” “become,” “plan,” “will,” and similar expressions. These forward-looking statements involve known and unknown risks as well as uncertainties, including those discussed in the following cautionary statements and elsewhere in this article and on this site. Although the Company may believe that its expectations are based on reasonable assumptions, the actual results that the Company may achieve may differ materially from any forward-looking statements, which reflect the opinions of the management of the Company only as of the date hereof. Additionally, please make sure to read these important disclosures.
First published in CRYPTO MONDAY, a third-party contributor translated and adapted the article from the original. In case of discrepancy, the original will prevail.
Although we made reasonable efforts to provide accurate translations, some parts may be incorrect. Born2Invest assumes no responsibility for errors, omissions or ambiguities in the translations provided on this website. Any person or entity relying on translated content does so at their own risk. Born2Invest is not responsible for losses caused by such reliance on the accuracy or reliability of translated information. If you wish to report an error or inaccuracy in the translation, we encourage you to contact us.
MATIC Share Price Forecast: What Does Polygon Expect in the Current Bear Market?
Cryptocurrencies such as Bitcoin and Polygon have a close correlation with stocks. In most cases, they rise when leading indexes...
Coima sgr’s Porta Nuova Centrale Fund Secures €173.5 Million Green Financing
Coima sgr, founded and led by CEO Manfredi Catella, ended 2021 with assets under management up 6 percent to $9.74...
Canopy Growth Sales Disappoint, Stock Under Pressure
Just a week before announcing its latest numbers, Canopy announced its latest acquisition: the purchase of California-based cannabis extraction and...
Solidarity Day 2022: Ganzourgou Producers Offer 2.6 Tons of Food to Vulnerable People
Regarding the selection criteria of vulnerable people, Ambroise Ouédraogo said that his association collaborates with the provincial directorate of Social...
Ford Chooses Almussafes over Germany for the Production of Electric Models
Thus, the Valencian factory will be the fifth Spanish factory to produce all-electric models. Stellantis manufactures electric models at its...
Biotech1 week ago
Satellos Bioscience’s Stem Cell Signaling Research Could Turn the Tables on Muscular Dystrophies
Crypto2 weeks ago
Solana Price Forecast: SOL Forms a Dead Cat Bounce
Crowdfunding2 weeks ago
Exporo Raises Funds, but the Company Value Decreases Instead of Increasing
Cannabis2 weeks ago
Luis Figo Launches His Brand of CBD Products