Opensea, the famous NFT marketplace, witnessed a security violation in a scam form. The scammers stole 254 NFTs from the recognized Decentraland and Bored Ape Yacht Club collections.
The incident happened between 5 PM and 8 PM ET on February 19th. The estimated value from the NFTs stolen is about $1,7M.
The scam was performed due to flexibility in the Wyvern Protocol, protecting most of the NFT smart contracts existing on OpenSea.
The CEO of OpenSea, Devin Finzer, explained the attack in two parts from his Twitter account, pointing his finger at a Twitter user called Neso that explained the incident.
How Did The Scammers Acquire The NFTs?
Firstly, the attackers scammed their targets by signing a partial contract, leaving general authorization and large portions blank., through a fake Opensea page.
Secondly, he explained that attackers would’ve been able to complete the contract with a call to their own contract, which would therefore transfer ownership of the NFTs to them. This essentially meant that targets of the attack had signed blank cheques, which attackers then filled in the rest before taking the holdings.
Devin Finzer also explained that the attack did not originate from the OpenSea website but rather from a phishing attempt to the owners.
One thing is for sure, scammers and hackers are becoming more and more sophisticated.
Stay always up to date:
🕹️Gaming Guild & Scholarships: Join our Discord.
📫Saturday Mail Recap: Subscribe for the Blockchain Gaming Digest.
We use affiliate links when possible. At no cost to you, we may earn some crypto or nfts.
While we strive for the accuracy of the content, we provide it “as-is.” We take no responsibility for any actions or results. We write about games, treat them as games. We don’t give investment advices. Always do your own, extensive research.