Attackers recently removed hundreds of irreplaceable (NFT) tokens from service users OpenSea Stole. Based on the information published so far, 254 tokens Stolen whose total value is approx $ 1.7 million it is estimated.
According to the file of these 254 stolen tokens PreparedThe NFT apparently included several groups, including the Dissentland and the Bored Ape Yacht Club. The attack took place around 01:30 to 04:30 yesterday morning and 32 users Targeted.
In this attack apparently from Wyvern protocol Abused is an open source standard underlying most smart contracts in the area of benefits. One of the explanations given for describing this attack is to divide it into two parts: First, the subjects have a general contract that has many empty parts. Signature Have. Then the empty parts of the contract by the attackers Full And the ownership of the tokens has been transferred.
In other words, OpenSea users signed a blank check that the attackers completed with their desired number. “I checked all the transactions,” said a user named Neso on Twitter. All from people who have lost their benefits, It was signed“Anyone who claims not to have been the victim of phishing but to have lost a victim is unfortunately wrong.”
OpenSea: The attack had nothing to do with contract updates
The OpenSea platform was updating its contract system when the attack took place. However, the company has linked the attack to new contracts Denial has done. Given the low number of victims of this attack, it is unlikely that there was really a problem with the new contracts.
However, many details of the attack are not yet known, and we do not particularly know what tricks the attackers used to persuade users to sign. White contract Have used. But the CEO of OpenSea said that the attack did not take place through the website, their sales systems or the company’s emails.