The actual number of users whose tokens were recently stolen by an attacker was revealed by OpenSea, a leading NFT marketplace. Its CTO also shares why investors should be extremely careful when clicking “allow” on Metamask.
17 NFT investors affected, attackers halt their activities
According to a statement posted on the official OpenSea Twitter account, the initial findings of an investigation revealed that everyone involved was the victim of a phishing attempt, not the platform’s coding stream.
Instead of 32 victims, the list was reduced to 17 accounts. Individuals who contracted the attacker but did not lose their tokens were included in the list. According to OpenSea, the attackers did not show any activity in the last 15 hours. On February 20, 2022, they started sending phishing emails impersonating the OpenSea team. According to Checkpoint cybersecurity experts, attackers forced victims to authorize an Atomic Match request responsible for NFT transfer logics in OpenSea.
The attacker then repeated the same request to a legitimate OpenSea account, resulting in the attacker capturing all of the victim’s tokens thanks to a precise and determined interaction signed by the NFT owner.
OpenSea CTO published a detailed whitepaper
At the time of publication, the victims’ net losses were determined to be $1.7 million. During the attack, allegations of a “$200 million” scam were made in the crypto Twitter community. According to Nadav Hollander, founder of the Dharma DeFi protocol and CTO of OpenSea, this attack will affect the way Web3 enthusiasts approach off-chain message signing:
Our industry has become more aware of the need to not distribute seed phrases or send unknown transactions. On the other hand, signing off chain communications requires equal attention.
Nadav Hollander adds that OpenSea has moved to a more secure contract form to reduce the risk of such attacks and to keep all users “alert” of chain events.
As a result, we see that an advanced phishing attack has started against the OpenSea platform and security companies are working hard on this issue. cryptocoin.com You can find the details of the phishing attacks on the platform, which we have transferred as
Contact us to be instantly informed about the last minute developments. twitter‘in, Facebookin and InstagramFollow and Telegram and YouTube join our channel!
Disclaimer: The articles and articles on Kriptokoin.com do not constitute investment advice. Cryptokoin.com does not recommend buying or selling any cryptocurrencies or digital assets, nor is Kriptokoin.com an investment advisor. For this reason, Kriptokoin.com and the authors of the articles on the site cannot be held responsible for your investment decisions. Readers should do their own research before taking any action regarding the company, asset or service in this article.
Warning: Citing the news content of Kriptokoin.com and quoting by giving a link is subject to the permission of Kriptokoin.com. No content on the site can be copied, reproduced or published on any platform without permission. Legal action will be taken against those who use the code, design, text, graphics and all other content of Kriptokoin.com in violation of intellectual property law and relevant legislation.