Tweet
Hundreds of non-fungible tokens (NFTs) have been stolen from the accounts of OpenSea users after a series of successful phishing attacks, it has emerged.
The NFT marketplace was alerted to the issue over the weekend when a handful of customers discovered tokens missing from their wallets. Word of the incident quickly spread, causing a stir in the NFT community.
In an attempt to calm the panic, OpenSea chief executive Devin Finzer took to Twitter, explaining that the attacks were not the result of a security vulnerability in the platform, but rather a phishing campaign targeting NFT owners.
TechRadar needs you!
Weāre looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey wonāt take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a Ā£100 Amazon gift card (or equivalent in USD). Thank you for taking part.
A ul compiled by blockchain security company PeckShield suggests that more than 250 NFTs were stolen, including items from popular collections such as Bored Ape Yacht Club. Although some have since been recovered, wallet analysis shows the stolen tokens have earned the attacker roughly $1.7 million in sell-on value.
[HEADING=1]OpenSea NFTs stolen[/HEADING]
NFTs are representations of digital properties such as images or videos, often described as digital collectibles. What makes them different from traditional collectibles (for example, Fortnite skins) is that each NFT has a distinct signature that demonstrates its uniqueness and allows for ownership of the associated asset to be verified and traced.
Once the playtoy of an enthusiast minority, NFTs now change hands for many millions of dollars over platforms like OpenSea, which is itself valued at $13 billion.
Inevitably, the valuations of the NFTs exchanged over OpenSea and the notoriety of the marketplace have attracted increased attention from hackers. In the last few months, the company has had to close off security bugs that allowed hackers to purchase NFTs for well below value and create malicious tokens that could drain the crypto wallets of victims.
Read more
> Salesforce is reportedly moving into NFTs
Now, OpenSea is facing down another security issue, the details of which still remain murky.
āOur team has been working around the clock to investigate the specific details of this phishing attack,ā explained OpenSea via its official Twitter account.
āWeāve narrowed down the list of impacted individuals to 17, rather than the previously mentioned 32. Our original count included anyone who had interacted with the attacker, rather than those who were victims of the phishing attack.ā
However, the precise mechanism of the attack remains unclear. Early signs point towards a manipulation of the Wyvern Protocol on which most NFT smart contracts are built. According to a Twitter thread referenced by Finzer, the attacker tricked the victims into signing half of a Wyvern order, allowing for their NFTs to be transferred to a new wallet without payment.
Finzer says there is no evidence the affected users had been targeted via email, and the identity of the website used to facilitate the attack remains a mystery.
The advice for concerned OpenSea users is to ādouble check you are interacting with opensea.io in your browser when you sign messagesā and to āun-approve access to your NFT collectionā via Etherscan.
TechRadar Pro has asked OpenSea whether it has plans to put in place measures to prevent users from falling victim to similar phishing scams in future.
The NFT marketplace was alerted to the issue over the weekend when a handful of customers discovered tokens missing from their wallets. Word of the incident quickly spread, causing a stir in the NFT community.
In an attempt to calm the panic, OpenSea chief executive Devin Finzer took to Twitter, explaining that the attacks were not the result of a security vulnerability in the platform, but rather a phishing campaign targeting NFT owners.
TechRadar needs you!
Weāre looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey wonāt take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a Ā£100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window p>
[HEADING=1]OpenSea NFTs stolen[/HEADING]
NFTs are representations of digital properties such as images or videos, often described as digital collectibles. What makes them different from traditional collectibles (for example, Fortnite skins) is that each NFT has a distinct signature that demonstrates its uniqueness and allows for ownership of the associated asset to be verified and traced.
Once the playtoy of an enthusiast minority, NFTs now change hands for many millions of dollars over platforms like OpenSea, which is itself valued at $13 billion.
Inevitably, the valuations of the NFTs exchanged over OpenSea and the notoriety of the marketplace have attracted increased attention from hackers. In the last few months, the company has had to close off security bugs that allowed hackers to purchase NFTs for well below value and create malicious tokens that could drain the crypto wallets of victims.
Read more
> Salesforce is reportedly moving into NFTs
Mozilla, Brave founder says NFT āsillinessā is a necessary evil
NFT of worldās first text message sells for ā¬100,000 at auction
āOur team has been working around the clock to investigate the specific details of this phishing attack,ā explained OpenSea via its official Twitter account.
āWeāve narrowed down the list of impacted individuals to 17, rather than the previously mentioned 32. Our original count included anyone who had interacted with the attacker, rather than those who were victims of the phishing attack.ā
However, the precise mechanism of the attack remains unclear. Early signs point towards a manipulation of the Wyvern Protocol on which most NFT smart contracts are built. According to a Twitter thread referenced by Finzer, the attacker tricked the victims into signing half of a Wyvern order, allowing for their NFTs to be transferred to a new wallet without payment.
Finzer says there is no evidence the affected users had been targeted via email, and the identity of the website used to facilitate the attack remains a mystery.
The advice for concerned OpenSea users is to ādouble check you are interacting with opensea.io in your browser when you sign messagesā and to āun-approve access to your NFT collectionā via Etherscan.
TechRadar Pro has asked OpenSea whether it has plans to put in place measures to prevent users from falling victim to similar phishing scams in future.
- [li]Shield against phishing attacks with the best password managers and best security keys around[/li][/ul]
Continue readingā¦