Hackers Exploit Bug to Steal $1 Million in NFTs From OpenSea Users. Recently, hackers exploited a bug in OpenSea to steal $1 million in NFTs from its users. By using phishing attacks, they tricked 17 people into signing malicious payloads. In turn, the hackers made a profit of $190,000 by exploiting the bug.
Hackers exploited a bug to steal $1 million in NFTs from OpenSea users
The OpenSea bug was first noticed back in December, but is still being used by hackers. The bug allows the hacker to drain NFTs from the account of the victims and transfer them to a malicious address. The exploit appears to be related to a feature that allows users to relist assets without canceling the first. OpenSea is now investigating the matter.
As of Friday, OpenSea has yet to announce compensation plans for the victims. However, the company is already being sued for negligence. The owner of the Bored Ape Yacht Club lost his NFT to a phishing attack and filed a lawsuit against the company. OpenSea CEO Devin Finzer has denied any responsibility for the hack. However, the CEO of Mintable has criticized the company for not helping the victims.
The OpenSea nonfungible token marketplace has a bug that has allowed hackers to buy NFTs below market value. As a result, the hackers have made at least $1 million off of the affected users. While the bug is not new, it has been exploited extensively in the past day. Elliptic, a blockchain analytics firm, reported that the bug was exploited eight times in a twelve-hour period before the morning of January 24.
OpenSea has been hit by an attack involving multiple users. According to the company, the attacker used phishing to trick 32 OpenSea users into signing up to a malicious contract, which allowed them to steal and flip their NFTs. While some of the stolen tokens were returned to their owners, the attacker kept some, leaving some of them with more than $1 million in NFTs.
The hackers took advantage of a bug in the OpenSea smart contract. After tricking the users into signing a rogue smart contract, the hacker was able to drain 250 NFTs in just a few hours. The exploited code was associated with an upgrade to the platform’s contract system. The upgrade was supposed to fix an old issue where users were required to pay gas fees in order to list their properties.
Hackers tricked 17 victims into signing a malicious payload
The hacker’s devious strategy involved copying a message from the marketplace to users. This deceptive message instructed users to migrate their listings before the deadline of February 25. As a result, the victims provided the attacker with their payload signature. OpenSea is investigating the attack and hopes to identify the culprit.
The hacker’s scheme is not related to a general smart contract exploit. Instead, it was a phishing attack. The attacker used a helper contract, called OS, that was deployed more than four years ago. It used valid atomicMatch data to trick its victims into thinking they were dealing with a legitimate source. As a result, the hacker’s payloads were crafted to look like those from legitimate sources.
Fortunately, the attack was very limited. The attackers targeted the users of OpenSea, one of the largest marketplaces for NFTs on the Internet. The hackers tricked the victims into signing a malicious payload that allowed them to send their NFTs to the criminals for free. The company has reassured its users that the site is safe and is currently investigating the attack.
The hacker used phishing techniques to trick OpenSea users into signing a malicious payload. This enabled the attacker to access the victims’ accounts and steal NFTs from them.
The attack is particularly dangerous as phishing attacks continue to rise in number. Attackers are targeting the NFT marketplace in order to steal funds. They tricked 17 victims into signing malicious payloads by tricking them into confirming fake transactions. The attackers then use the stolen funds to purchase more NFTs.
Hackers used phishing attack to steal NFTs
The hacker exploited a bug in the NFT marketplace to steal NFTs from OpenSea users. The phishing attack involved tricking users into signing a partial contract, which allowed the attacker to transfer ownership of NFTs for free. The attack targeted 32 users, but was successful in penetrating only 17 of them. The hacker was able to get away with the stolen NFTs in a matter of three hours.
The phishing attack occurred on a popular NFT exchange called OpenSea, which is the world’s largest NFT marketplace. The attack affected 32 users, stealing valuable NFTs worth about $1 million. As a result of the hack, the attacker now owns $1.7 million worth of ETH. OpenSea is continuing its investigation into the attack and does not believe that it is related to their website.
The hackers used phishing emails to trick users into authorizing migration to a new platform. As a result, users should be extremely careful about any communication from OpenSea and revoke migration permissions if they receive one. OpenSea is also investigating rumors of an exploit associated with smart contracts.
The attackers reportedly exploited a bug in the OpenSea system. However, this time, it wasn’t a generalized smart contract exploit. Instead, the hacker exploited a latent phishing attack. To do this, the hacker used a helper contract called OS, which was deployed four years ago. This contract had valid atomicMatch data. In addition, OpenSea confirmed the hack through a tweet and urged users to use the official website.
Reimbursement for affected users
Following the recent hack, OpenSea has refunded affected users with $1.8 million. The hack was caused by hackers exploiting an internal system bug, which caused customers to sell valuable NFTs below market value. The company has been investigating the problem and has since contacted affected users.
The bug was reportedly present as early as December 31st and was first discovered on January 12th. This loophole allowed opportunists to steal millions of NFTs from OpenSea users. These opportunists could also transfer the NFTs to other wallets without cancelling the old listings.
The attack affected 32 users and occurred between 5 PM and 8 PM Eastern time. According to a blog post written by Molly Whit, the attacker stole over $1 million worth of NFTs from affected users.
Hackers exploited the bug by sending NFTs to the hacker’s email. The hackers were able to make off with the assets, but they did not notify the affected users. This is a significant security breach for OpenSea. While the company has been responsive to the issue, it is not yet clear what the exact compensation plans are.
The attack did not result from a general smart contract exploit, but rather a latent phishing attack. In this case, the attacker exploited a bug in a helper contract, called OS, that was deployed over four years ago. The OS contract still had valid atomicMatch data. OpenSea has confirmed this was a phishing attack and is working to remedy the issue.
A recent funding round for OpenSea has helped the company recoup some of the lost NFTs. The company also paid bounty rewards to two ethical hackers for finding critical vulnerabilities in the NFT marketplace. Each of the hackers received $100,000. One of the hackers is Corben Leo, a security expert and chief marketing officer at security firm Zellic, who discovered the bug via HackerOne. The vulnerability could have been exploited by malicious hackers and allowed them to compromise OpenSea’s infrastructure.
