A new vulnerability has been discovered that targets non-fungible tokens listed before May 2022. Pocket Universe, a phishing scam detection program, explained how the hack works through a Twitter thread, saying cybercriminals are exploiting a gap introduced when OpenSea utilized Wyvern Protocol.

In May, the major NFT marketplace upgraded to Seaport Protocol, introducing new functionality to the bidding process. However, not everyone switched over to the new protocol, with some NFTs remaining listed on the old version.

In the previous version, users granted a proxy contract the power to withdraw an NFT after listing it on OpenSea, based on the SetApprovalForAll permission.

According to Pocket Universe:

By following three easy steps, users may avoid falling into the trap. The first step is to carefully review the transaction to verify there are no red signals, such as statements pushing you to upgrade.

The next stage is to go to RevokeCash, a cross-chain interoperability standard for handling NFT transactions. The solution protects consumers from fraud on over 30 blockchains, including Ethereum, Polygon, and Avalanche.

When you get to the platform, you must remove rights to the previous version, OpenSea. The disadvantage is that you will still suffer gas expenses for each canceled collection, but the proxy contract will be banned from draining your funds.

The third alternative is to use Pocket Universe’s scam-detecting program, which can be added as an extension to your browser. When you encounter the exploit, the tool gives a red warning as a pop-up message.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Harold

CoinCu News

OpenSea

Pocket Universe

RevokeCash

Seaport Protocol

SetApprovalForAll

Wyvern Protocol

Author

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Scam Alert

A New Exploit On The Old Opensea Contract Is Being Used To Steal NFTs

A new vulnerability has been discovered that targets non-fungible tokens listed before May 2022. Pocket Universe, a phishing scam detection program, explained how the hack works through a Twitter thread, saying cybercriminals are exploiting a gap introduced when OpenSea utilized Wyvern Protocol.

In May, the major NFT marketplace upgraded to Seaport Protocol, introducing new functionality to the bidding process. However, not everyone switched over to the new protocol, with some NFTs remaining listed on the old version.

In the previous version, users granted a proxy contract the power to withdraw an NFT after listing it on OpenSea, based on the SetApprovalForAll permission.

According to Pocket Universe:

This new exploit tricks you into signing a transaction that gives the attacker ownership of your proxy contract

which gives them permission to withdraw your NFTs!

????→???? pic.twitter.com/Pscr6AJs38

— Pocket Universe ???? (@PocketUniverseZ) October 28, 2022

By following three easy steps, users may avoid falling into the trap. The first step is to carefully review the transaction to verify there are no red signals, such as statements pushing you to upgrade.

The next stage is to go to RevokeCash, a cross-chain interoperability standard for handling NFT transactions. The solution protects consumers from fraud on over 30 blockchains, including Ethereum, Polygon, and Avalanche.

When you get to the platform, you must remove rights to the previous version, OpenSea. The disadvantage is that you will still suffer gas expenses for each canceled collection, but the proxy contract will be banned from draining your funds.

The third alternative is to use Pocket Universe’s scam-detecting program, which can be added as an extension to your browser. When you encounter the exploit, the tool gives a red warning as a pop-up message.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Harold

CoinCu News

Visited 60 times, 3 visit(s) today

Other Posts

Related Posts

News

- 13 hours ago 2 mins

Pantera Capital TON Investment Driven To Enhance P2P Payment Capabilities

Knowledge

- 57 days ago 13 mins

Free Bitcoin Code 2024: Easy Way To Own Bitcoin

Knowledge

- 111 days ago 12 mins

Fiat To Fiat Converter: Detailed Guide For Beginners And Important Notes

News

- 14 hours ago 3 mins

Coinbase SEC Lawsuit Isn’t Over Yet, But The Exchange Remains Optimistic

Knowledge

- 111 days ago 12 mins

Crypto To Crypto Converter: Detailed Guide For Beginners And Important Notes

Knowledge

- 12 days ago 12 mins

Bitcoin Mining: How Long Does It Take to Mine 1 Bitcoin?

News

- 14 hours ago 2 mins

EigenLayer Airdrop Is Now Updated After Facing Controversy From Users

News

- 14 hours ago 2 mins

Coinbase Quarter Revenue Hits $1.64 Billion With Market Excitement