Leading NFT marketplace OpenSea is investigating “rumors of an exploit” related to smart contracts associated with its platform. Earlier, a series of tweets from concerned NFT traders went viral. The vulnerability could have cost them many valuable NFTs.
The following was posted on OpenSea’s Twitter account: “We are actively investigating rumors of an exploit related to OpenSea smart contracts. It appears to be a phishing attack originating from outside the OpenSea website. People should not click on links outside of opensea.io.”
Phishing on the NFT marketplace OpenSea
NFT traders wrote on Twitter that they allegedly received official emails from OpenSea about the migration of smart contracts.
Well-known security firm PeckShield reviewed the smart contracts and stated that the exploit in question was “most likely phishing.” A seemingly normal link hides a smart contract that hackers can use to gain access to NFTs. PeckShield cited emails about the migration process as a possible source of the link.
The alleged attacker’s address contains about $1.7 million worth of Ether, as well as two Cool Cats NFTs, three Bored Ape Yacht Club NFTs, a Doodle NFT, and an Azuki NFT. Etherscan subsequently placed a “phish/hack” warning label on the address.
OpenSea was planning to change its smart contract (basically the code for its trading platform) by releasing a brand new contract on Friday. The idea was that the updated contract would take care of deleting old and inactive listings on OpenSea.
Last month, the company sent users a short email with the subject “Clarification on Cancelling Inactive Listings.” The email reminded users to delete old listings.
The problem with smart contracts
Cancelling an old listing is still an on-chain transaction, meaning it is added to the very end of the blockchain, where anyone can see it. Cybercriminals watching for new transactions might notice someone cancelling an old listing. As a result, they start digging through the other old listings to find an offer below market price.
Some hackers pay an additional fee to front-run a cancellation and make a sale before the user can complete the transaction. Front-running is a common problem on Ethereum and other proof-of-work blockchains.
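The fee race described above can be spotted after the fact by comparing when each transaction became visible with where it landed in the block. The sketch below is an added example, not code from OpenSea or PeckShield; the `Tx` record, the strict highest-fee-first ordering and all sample values are simplifying assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    tx_hash: str     # constructed placeholder id, not a real hash
    sender: str
    action: str      # "cancel" or "buy"
    listing_id: int
    fee_gwei: int    # fee offered per unit of gas
    seen_at: float   # time (s) at which the tx became publicly visible

def order_by_fee(pending):
    """Assumed block builder: highest fee first, ties broken by arrival."""
    return sorted(pending, key=lambda t: (-t.fee_gwei, t.seen_at))

def find_frontrun_cancels(block):
    """Return (cancel_hash, buy_hash) pairs where a buy on the same listing
    was broadcast after the cancel but ordered ahead of it by paying more."""
    findings = []
    for pos, tx in enumerate(block):
        if tx.action != "cancel":
            continue
        for earlier in block[:pos]:
            if (earlier.action == "buy"
                    and earlier.listing_id == tx.listing_id
                    and earlier.sender != tx.sender
                    and earlier.seen_at > tx.seen_at
                    and earlier.fee_gwei > tx.fee_gwei):
                findings.append((tx.tx_hash, earlier.tx_hash))
    return findings

# Constructed sample of pending transactions (all values hypothetical).
PENDING = [
    Tx("0xc1", "owner_a", "cancel", 101, 30, 10.0),
    Tx("0xb1", "buyer_x", "buy", 101, 90, 10.4),  # sent later, pays more
    Tx("0xc2", "owner_b", "cancel", 202, 45, 11.0),
    Tx("0xb2", "buyer_y", "buy", 303, 60, 11.2),  # unrelated listing
    Tx("0xb3", "buyer_z", "buy", 202, 40, 11.5),  # lower fee, lands after cancel
]

if __name__ == "__main__":
    block = order_by_fee(PENDING)
    for cancel_hash, buy_hash in find_frontrun_cancels(block):
        print(f"cancel {cancel_hash} was front-run by buy {buy_hash}")
```

Only listing 101 is flagged: the buy on listing 202 offered less than the cancellation, so the cancellation took effect first.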
OpenSea has not been able to fix the issue at the time of writing. Most recently, the following announcement was published: “Our team has been working around the clock to investigate the specific details of this phishing attack. While we haven’t yet determined the exact source, we wanted to share a couple of EOD updates.”
First published in CRYPTO MONDAY, a third-party contributor translated and adapted the article from the original. In case of discrepancy, the original will prevail.