An illustration picture taken in London on December 30, 2021, shows a PsychoKitty NFT (Non-Fungible Token) created by psychedelic artist Ugonzo displayed on a phone and a NFT logo displayed on a computer screen from a Crypto.com NFT marketplace. - Non-fungible tokens or NFTs are cryptographic assets stored on a blockchain with unique identification metadata that distinguish them from each other. - RESTRICTED TO EDITORIAL USE - MANDATORY MENTION OF THE ARTIST UPON PUBLICATION - TO ILLUSTRATE THE EVENT AS SPECIFIED IN THE CAPTION (Photo by Justin TALLIS / AFP) / RESTRICTED TO EDITORIAL USE - MANDATORY MENTION OF THE ARTIST UPON PUBLICATION - TO ILLUSTRATE THE EVENT AS SPECIFIED IN THE CAPTION / RESTRICTED TO EDITORIAL USE - MANDATORY MENTION OF THE ARTIST UPON PUBLICATION - TO ILLUSTRATE THE EVENT AS SPECIFIED IN THE CAPTION (Photo by JUSTIN TALLIS/AFP via Getty Images)

OpenSea, the hub of blockchain, announced that they are investigating a scam targeting users of its non-fungible tokens (NFTs) platform. As per CEO, Devin Finzer; the hacker(s) carried out a phishing attack to steal several NFTs and had already sold a few for ethereum worth $1.7 million.

Read more: Crypto.com Reveals that Hackers Stole Over $30 Million from Users

The phishing attack on OpenSea

Devin confirmed that the hacker had tricked 32 victims into signing a malicious payload that authorized the transfer of their NFTs to the attacker for free. While the company is confident that this was a phishing attack, he explained that they didn’t know where the phishing had occurred.

CEO Devin Finzer shared – an explainer thread describing the phishing attack – on Twitter, the user described that the attack had the victims signing half of a Wyvern order, referencing an open-source standard typically used in NFT smart contracts. The order was effectively empty except for call data and a target of the attacker’s contract, with the victim signing half while the attacker signed the other. After signing, the attacker calls their own contract listed in the double-signed order, which then starts the process of transferring the victim’s NFTs to the attacker.

OpenSea launches customer support to fight  scammers

Just a few days back, Metalink – OpenSea and NFT communications platform – announced a new partnership aimed at preventing social engineering attacks carried out through Discord DMs. OpenSea’s head of community Stevey Tromberg said in a statement; “Our goal is to create a direct channel for you to interact with OpenSea to get support, offer feedback, receive updates, and to share any other information that will help us better serve you.”

Source: Verge

LEAVE A REPLY

Please enter your comment!
Please enter your name here