Devin Finzer, the CEO of OpenSea, responded to developments in the $1.7 million phishing attack, saying that it did not originate on the opensea.io platform and that the company is working with all those affected.
Last night, reports surfaced that NFT collectors had been losing NFTs and ETH from their wallets. OpenSea has now confirmed that this was a phishing attack in which over $1.7 million in assets was moved to a malicious wallet dubbed Fake_Phishing5169. The malicious wallet made its first transaction back in December, but reports of phishing activity only started yesterday, when the wallet began interacting with another wallet that has been marked as part of an OpenSea phishing scam.
Seen confusion about the OS thing so.
Attacker had people sign half of a valid wyvern order, the order was basically empty except the target (attacker contract) and calldata, attacker signs other half of order.
— Neso (@Nesotual) February 20, 2022
In the past day, NFTs from many high-priced collections have been transferred, including Bored Ape Yacht Club, Doodles, Azuki, and Cool Cats. The wallet address also made transactions via rival NFT marketplaces such as Rarible and LooksRare. NFTs are cryptographically unique tokens that exist on a blockchain like Ethereum, and each one is linked to an asset. A few hours after the news broke, OpenSea CEO Devin Finzer said:
“We have confidence that this was a phishing attack. We don’t know where the phishing occurred.”
The company believes that the attack didn’t originate on opensea.io and that neither legitimate emails nor the site banner led to the attack:
“Minting, buying, selling, or listing items using opensea.io is not a vector for the attack. In particular, signing the new smart contract (the Wyvern 2.3 contract) is not a vector for the attack. We’re actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures.”
Finzer said that while there were a lot of pauses in the attacker’s activity, OpenSea will continue to investigate the situation. He also confirmed on Twitter that one user’s account was consistent with his understanding of what happened. Neso said that those who lost assets had signed half of a valid Wyvern order; Wyvern is a decentralized exchange protocol that can execute asset transfers. Whatever the source of the attack, some are still confused by the transactions: for example, why the attacker sent 50 ETH to nativers.eth after taking some of his assets and then returning them, and why some destination addresses are hidden by the Tornado Cash proxy while others aren’t.
To prevent unwanted loss of NFTs and ETH, it is best to revoke access via Etherscan’s Token Approval feature and consider moving the assets to a hardware wallet.