A New Exploit On The Old Opensea Contract Is Being Used To Steal NFTs
A new vulnerability has been discovered that targets non-fungible tokens listed before May 2022. Pocket Universe, a phishing scam detection program, explained how the hack works through a Twitter thread, saying cybercriminals are exploiting a gap introduced when OpenSea utilized Wyvern Protocol.
In May, the major NFT marketplace upgraded to Seaport Protocol, introducing new functionality to the bidding process. However, not everyone switched over to the new protocol, with some NFTs remaining listed on the old version.
In the previous version, users granted a proxy contract the power to withdraw an NFT after listing it on OpenSea, based on the SetApprovalForAll permission.
According to Pocket Universe:
By following three easy steps, users may avoid falling into the trap. The first step is to carefully review the transaction to verify there are no red signals, such as statements pushing you to upgrade.
The next stage is to go to RevokeCash, a cross-chain interoperability standard for handling NFT transactions. The solution protects consumers from fraud on over 30 blockchains, including Ethereum, Polygon, and Avalanche.
When you get to the platform, you must remove rights to the previous version, OpenSea. The disadvantage is that you will still suffer gas expenses for each canceled collection, but the proxy contract will be banned from draining your funds.
The third alternative is to use Pocket Universe’s scam-detecting program, which can be added as an extension to your browser. When you encounter the exploit, the tool gives a red warning as a pop-up message.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Website: coincu.com
Harold
CoinCu News