Opensea gets hacked en masse?

Owners of high value NFTs are being drawn by an unknown attacker whose assets are listed on Opensea. Therefore, it is possible that the new Opensea contract has been hacked or the user has been phishing.

Any user who has interacted with the new Opensea gets hacked contracts must immediately revoke Opensea’s token approval. The interface of Etherscan and Revoke.cash together shows this.

At 09:13 this morning (Synthetic Team time) the attack appears to have ended. Outgoing transactions lasted longer than 30 minutes account of the attacker and contract Attack. The attacker currently holds 641.5 liquid ETH and many high quality NFTs including 17 Azuki, 3 BAYC, 2 Cool Cats and 2 Mutant Ape Yacht Club. He also pocketed an ENS criticizing racism.

However, the case was reopened. At this point, it looks like the user fell victim to a phishing scam. The attacker could have attacked now as the phishing scam list is about to expire along with the opensea contract migration time.

Source: Twitter

The attacker has earned over 680 ETH so far and shows no signs of stopping. Your activity on Opensea is very heavy (and Opensea has removed it). book page this operation down). Bored Apes, Mutant Apes, Azukis, mfers, FVCK_CRYSTALS, Doodles and basically anything else that hasn’t been sold is currently being moved into wallets and sold at or below the reserve price.

The usual flow of “plz ser mi familia” messages is also forwarded to accounts, some in the form of NFT Opensea collections.

Source: Open sea

The attacker’s account and attack contract will continue to function. Act to protect your wealth!

Cheat phishing good mistake Hsmart contract?

Interestingly, the attack contract was created 28 days ago before the opensea migration was implemented.

Source: SatoshiWolf

It is currently unclear whether this is a smart contract bug, a phishing attack that copies Opensea’s migration communications, or an initial phishing attack. Currently, several descriptions point to a phishing attack. The new Opensea contract was probably never hacked.

Other users claim not to interact with opensea emails at all, resulting in a more complicated response.

Some users mocked other users for approving “WyvernExchange” instead of Opensea. Wyvern is the name behind the scenes of an opensea exchange as seen in contract There’s a blue tick. Wyvern are not a malicious group.

Regardless of whether the scam involves an email migration or not, the emails themselves are still a terrible idea. Being user-friendly is one thing, but training your users to cryptographically authorize things they click on in emails…

A user guess i think:

“OpenSea should be criticized for training customers to use their wallets to sign transactions generated by a website link in an email.”

It looks like there will be another migration in the future.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page