OpenSea Users Hacked as $1.7 Million in NFTs is Stolen
-
On Saturday, attackers stole hundreds of NFTs worth over $1.7 million from OpenSea users
-
The company has disclosed that it is investigating the phishing attack but the CEO claims that it no longer appears active
-
Devin Finzer disclosed on Twitter that at least 32 users signed a malicious payload that granted attackers access to their NFTs and some were stolen
Hackers stole hundreds of NFTs from OpenSea users on Saturday, throwing other users of the platform into panic mode. A spreadsheet that was released by blockchain security company PeckShield reveals that at least 254 tokens were stolen during the attack, including some for popular franchises like Decentraland and Bore Ape Yacht Club.
The majority of the attack took place around 5 PM to 8 PM ET on Saturday and it has been estimated that the NFTs lost are worth more than $1.7 million. The attack exploited a loophole in the Wyvern Protocol, the open-source standard that underlies most NFTs smart contracts.
CEO of the company Devin Finzer explained on Twitter that the first part of the attack tricked users to sign a partial contract with a general authorization. With the signatures secured, attackers completed the contract with a call to their own contract. This completed a transfer of the NFTs to their own contract without having to pay. He also added that the attacks had not originated from the company’s website.
Read also: Premier League Set to Complete $590 Million NFT Deal
OpenSea which is valued at $13 billion, is the world’s biggest NFT marketplace and it has become one the most valuable blockchain companies in this NFT boom. The platform allows users to buy and sell NFTs without directly interacting with the blockchain. The company was in the process of updating its contract system when the attack took place.
Follow Naija.fm on our social media handles Facebook, Instagram, and Twitter to keep up with trending news, breaking news, entertainment news.