NFTs worth $1.7M stolen via OpenSea phishing attack




NFT collectors who used OpenSea have been affected by a phishing attack, with a total of 254 tokens, estimated to be worth more than $1.7 million, stolen over a three-hour period.


On Saturday, OpenSea became aware of rumors about smart contracts connected to the non-fungible token (NFT) marketplace. In investigating the claims, it discovered that users were actually being affected by a fairly typical phishing attack.




Emails made to look like an OpenSea Community Update were sent to customers, inviting them to migrate their Ethereum listings to a new smart contract. As OpenSea introduced its own legitimate smart contract one day prior, the phishing email took advantage of the change.



According to OpenSea and CEO Devin Finzer on Twitter, the phishing attack doesn't appear to be connected to the OpenSea website itself, and was operated separately, reports Decrypt. It seems that only 32 people were affected by the email, signing a contract with a malicious payload, which led to the victims signing over NFTs to the attacker.




In an explainer thread linked by Finzer, it appears the attack had the victims signing half of a Wyvern order, referencing an open-source standard typically used in NFT smart contracts. The order was effectively empty except for call data and a target of the attacker's contract, with the victim signing half while the attacker signed the ..
