
Event Recap: Hacker Gets Away with $1.7 Million, OpenSea Phishing Scam Sparks Concern? Official Suggestion to Use Revoke for Protection


Phishing emails are one of the most common hacker attack methods, where malicious links are placed in "fake" emails or social media posts to lure users into clicking, resulting in data or financial loss. As cryptocurrency transactions are directly related to financial activities, falling into a phishing trap could lead to significant losses.

OpenSea, the NFT marketplace with the largest market share, recently updated its protocol and required users who want to keep their NFTs listed for sale to "Migrate listings." Otherwise, existing sell orders will expire on 2/26 and need to be relisted. For details and instructions, please refer to

Unexpectedly, hackers have seized on this migration, sending phishing emails disguised as "migration" notices that trick users into clicking and let the hackers steal their NFTs. Reports of phishing emails can be found in this link.


OpenSea officials stated that they are actively investigating this rumor. The attack apparently originated from external websites related to OpenSea, and users are advised not to click on any websites outside of http://opensea.io.

Currently, OpenSea's website also warns users not to click on external links.

According to OpenSea CEO Devin Finzer, the attackers sold stolen NFTs and made approximately $1.7 million worth of ETH. For the list of stolen NFTs, please refer to this link. There are 253 ERC-721 tokens and 60 ERC-1155 tokens.

Clarification and Recommendations from OpenSea CEO

OpenSea CEO Devin Finzer first explained the situation:

  • This was a phishing attack and is not directly related to the OpenSea website. There were rumors circulating online about an attack on OpenSea smart contracts
  • 32 users interacted with malicious functions in the contract, resulting in some NFTs being stolen; some have been returned
  • OpenSea has not recently discovered any phishing emails, and it is still unclear which website provided the malicious link in this incident
  • For more technical details about the attacker's methods, please see: explanation

Recommendations for NFT Security Concerns

  • Always double-check that you are interacting with https://opensea.io when signing contracts
  • If you have been affected, contact @opensea_support
  • If you are concerned and want to protect your NFTs, you can "un-approve" to stop external interactions with your NFTs

How to Use Etherscan's Un-approval Feature?

Ethereum Token Approval can help you understand which protocols a wallet address has approved. In the example below, the address we entered shows the funds and NFTs it holds, indicating that the wallet has approved 76 contracts.

By selecting one of the common NFT standards, ERC-721 or ERC-1155, you can view the contracts approved under it. Clicking Connect to Web3 links your wallet so that you can execute a Revoke action. Revoking requires a Gas Fee and reduces the approved contract's permission to 0.
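The list of approved contracts described above can be rebuilt from the `ApprovalForAll` events that ERC-721 and ERC-1155 contracts emit. The following is an added example, not code from the article, OpenSea or Etherscan: the addresses and log entries are constructed, the function names are hypothetical, and it covers operator-wide approvals only, not per-token ERC-721 approvals.

```python
# Added example: constructed logs, hypothetical helper names.
# topic0 = keccak256("ApprovalForAll(address,address,bool)"), shared by ERC-721 and ERC-1155.
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def active_operator_approvals(logs, owner):
    """Replay logs in chain order; return (collection, operator) pairs still approved."""
    owner = owner.lower()
    state = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_FOR_ALL:
            continue  # different event, e.g. a Transfer
        if topic_to_address(topics[1]) != owner:
            continue  # approval granted by someone else
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16) == 1  # later events override earlier ones
    return sorted(pair for pair, approved in state.items() if approved)

def make_log(collection, owner, operator, approved, block, index):
    """Build a constructed log entry shaped like an eth_getLogs result."""
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": collection, "topics": [APPROVAL_FOR_ALL, pad(owner), pad(operator)],
            "data": "0x" + "0" * 63 + ("1" if approved else "0"),
            "blockNumber": hex(block), "logIndex": hex(index)}

# Constructed sample addresses (not real accounts or contracts).
OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
COLLECTION_A, COLLECTION_B = "0x" + "aa" * 20, "0x" + "bb" * 20
MARKETPLACE, UNKNOWN_OPERATOR = "0x" + "cc" * 20, "0x" + "dd" * 20

SAMPLE_LOGS = [  # deliberately out of order
    make_log(COLLECTION_A, OWNER, MARKETPLACE, False, 21, 1),      # revoked later
    make_log(COLLECTION_A, OWNER, MARKETPLACE, True, 16, 0),
    make_log(COLLECTION_B, OTHER, MARKETPLACE, True, 23, 0),       # not our wallet
    make_log(COLLECTION_A, OWNER, UNKNOWN_OPERATOR, True, 18, 3),  # still active
    make_log(COLLECTION_B, OWNER, UNKNOWN_OPERATOR, True, 22, 0),  # still active
]

if __name__ == "__main__":
    for collection, operator in active_operator_approvals(SAMPLE_LOGS, OWNER):
        print(f"revoke candidate: collection={collection} operator={operator}")
```

Each pair returned is an operator that can still move every token the wallet holds in that collection; revoking it corresponds to calling `setApprovalForAll(operator, false)` on the collection contract.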