
admin
Pinned May 12, 2022

Bored Ape Yacht Club’s Instagram compromised in $2.4 million NFT phishing scam

OpenSea users lose hundreds of NFTs in likely phishing attack

The damage is estimated at $1.7 million.

Igor Bonifacic
February 20th, 2022
Bored Ape Yacht Club
JUSTIN TALLIS via Getty Images

NFT marketplace OpenSea is investigating a “phishing attack” that has left more than two dozen of its users without access to some of their most valuable digital tokens. Late on Saturday evening, panic hit the platform when someone stole hundreds of NFTs.

Over several hours that afternoon, the attacker targeted 32 accounts and obtained 254 tokens, according to a spreadsheet compiled by blockchain security service PeckShield. Among the stolen NFTs are tokens from the Bored Ape Yacht Club and Azuki collections. One estimate by Molly White, the creator of the Web3 is Going Great blog, pegged the haul at 641 Ethereum (approximately $1.7 million at the time of this article).

“We have confidence that this was a phishing attack,” said Devin Finzer, the co-founder and CEO of OpenSea, in a tweet posted early Sunday morning. “We don’t know where the phishing occurred, but we’ve been able to rule out a number of things based on our conversations with the 32 affected users.”

According to Finzer, OpenSea determined its website was not a vector for the attack, nor did someone exploit a previously unknown vulnerability in the platform’s NFT minting, buying, selling and listing features. “Interaction with an OpenSea email is not a vector for attack,” said Finzer. “In fact, we are not aware of any of the affected users receiving or clicking links in suspicious emails.”

We’ve reached out to OpenSea for comment.

As noted by The Verge, the attack likely took advantage of an aspect of the Wyvern Protocol. Many Web3 platforms, including OpenSea, use the open-source standard to underpin their contracts. One Twitter thread suggests those targeted in the phishing campaign may have signed a partial agreement that allowed the attacker to transfer the NFTs without any Ethereum changing hands. Linking to the thread, Finzer said it presented a scenario that was “consistent with our current internal understanding” of the situation.

While there’s still much about the attack we don’t know, what is clear is that it couldn’t have come at a worse time for OpenSea. On Friday, the company introduced a new smart contract and asked people to migrate their assets. It has also been the subject of recent controversy, first starting with an employee who resigned for using insider information to profit on NFT drops and then more recently over the prevalence of tokens that are fake, plagiarized or spam on its platform. 

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics  
