21/02/2022 $1.7 million in NFTs stolen in apparent phishing attack on OpenSea users

Two hundred and fifty-four tokens were stolen over roughly three hours

Illustration by Alex Castro / The Verge

On Saturday, attackers stole hundreds of NFTs from OpenSea users, causing a late-night panic among the site’s broad user base. A spreadsheet compiled by the blockchain security service PeckShield counted 254 tokens stolen over the course of the attack, including tokens from Decentraland and Bored Ape Yacht Club.

The bulk of the attacks took place between 5PM and 8PM ET, targeting 32 users in total. Molly White, who runs the blog Web3 is Going Great, estimated the value of the stolen tokens at more than $1.7 million.

“They all have valid signatures”

The attack appears to have exploited a flexibility in the Wyvern Protocol, the open-source standard underlying most NFT smart contracts, including those made on OpenSea. One explanation (linked by CEO Devin Finzer on Twitter) described the attack in two parts: first, targets signed a partial contract, with a general authorization and large portions left blank. With the signature in place, attackers completed the contract with a call to their own contract, which transferred ownership of the NFTs without payment. In essence, targets of the attack had signed a blank check, and once it was signed, attackers filled in the rest of the check to take their holdings.
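As an added illustration (not from the article, OpenSea or the Wyvern project), the sketch below shows a wallet-side review that flags a signing request with the "blank check" traits described above. The `OrderRequest` fields, the allow-list and the 30-day limit are assumptions made for this example, not the Wyvern order format.

```python
from dataclasses import dataclass

MAX_VALIDITY_SECONDS = 30 * 24 * 3600  # assumed policy: 30 days

@dataclass
class OrderRequest:               # hypothetical simplified order, not the Wyvern ABI
    target: str                   # contract the signed order will call
    calldata: bytes               # call the signer commits to
    replaceable_mask: bytes       # non-zero byte = counterparty may overwrite it
    base_price_wei: int           # payment the signer receives
    expiration: int               # unix time; 0 = never expires

def review_before_signing(order, trusted_targets, now):
    """Return the reasons this request looks like a blank check (empty = none)."""
    findings = []
    if order.target.lower() not in trusted_targets:
        findings.append("target contract is not on the allow-list")
    if order.base_price_wei == 0:
        findings.append("signer receives no payment")
    open_bytes = sum(1 for b in order.replaceable_mask if b)
    if not order.calldata:
        findings.append("calldata is blank; the counterparty chooses the call")
    elif open_bytes >= len(order.calldata):
        findings.append("every calldata byte can be replaced by the counterparty")
    if order.expiration == 0 or order.expiration - now > MAX_VALIDITY_SECONDS:
        findings.append("signature stays valid indefinitely or for too long")
    return findings

# Constructed sample data (placeholder addresses, not real contracts).
NOW = 1_645_300_000
MARKET = "0x" + "11" * 20
TRUSTED = {MARKET}
BLANK_CHECK = OrderRequest(target="0x" + "22" * 20, calldata=b"", replaceable_mask=b"",
                           base_price_wei=0, expiration=0)
LISTING = OrderRequest(target=MARKET, calldata=bytes(100),
                       replaceable_mask=bytes(36) + b"\xff" * 32 + bytes(32),
                       base_price_wei=10**18, expiration=NOW + 7 * 24 * 3600)

if __name__ == "__main__":
    for name, order in (("blank check", BLANK_CHECK), ("listing", LISTING)):
        print(name, review_before_signing(order, TRUSTED, NOW))
```
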

“I checked every transaction,” said the user, who goes by Neso. “They all have valid signatures from the people who lost NFTs so anyone claiming they didn’t get phished but lost NFTs is sadly wrong.”

Valued at $13 billion in a recent funding round, OpenSea has become one of the most valuable companies of the NFT boom, providing a simple interface for users to list, browse, and bid on tokens without interacting directly with the blockchain. That success has come with significant security issues, as the company has struggled with attacks that leveraged old contracts or poisoned tokens to steal users’ valuable holdings.

OpenSea was in the process of updating its contract system when the attack took place, but OpenSea has denied that the attack originated with the new contracts. The relatively small number of targets makes such a vulnerability unlikely, since any flaw in the broader platform would likely be exploited on a far greater scale.

Still, many details of the attack remain unclear, particularly the method attackers used to get targets to sign the half-empty contract. Writing on Twitter shortly before 3AM ET, OpenSea CEO Devin Finzer said the attacks had not originated from OpenSea’s website, its various listing systems, or any emails from the company. The rapid pace of the attack (hundreds of transactions in a matter of hours) suggests some common vector of attack, but so far no link has been discovered.

“We’ll keep you updated as we learn more about the exact nature of the phishing attack,” said Finzer on Twitter. “If you have specific information that could be useful, please DM @opensea_support.”


https://www.theverge.com/2022/2/20/22943228/opensea-phishing-hack-smart-contract-bug-stolen-nft
