NFTs worth $1.7M stolen via OpenSea phishing attack
Collectors of NFTs that used OpenSea have been affected by a phishing attack, with a total of 254 tokens estimated to be worth more than $1.7 million stolen over a three-hour period.
On Saturday, OpenSea became aware of rumors about smart contracts connected to the non-fungible token (NFT) marketplace. In investigating the claims, it discovered that users were actually being affected by a fairly typical phishing attack.
Emails set to look like an OpenSea Community Update were sent to customers, inviting them to migrate their Etherium listings to a new smart contract. As OpenSea introduced its own legitimate smart contract one day prior, the phishing email took advantage of the change.
According to OpenSea and CEO Devin Finzer on Twitter, the phishing attack doesn't appear to be connected to the OpenSea website itself, and was operated separately, reports Decrypt. It seems that only 32 people were affected by the email, signing a contract with a malicious payload, which led to the victims signing over NFTs to the attacker.
In an explainer thread linked by Finzer, it appears the attack had the victims signing half of a Wyvern order, referencing an open-source standard typically used in NFT smart contracts. The order was effectively empty except for call data and a target of the attacker's contract, with the victim signing half while the attacker signed the other.
After signing, the attacker calls their own contract listed in the double-signed order, which then starts the process of transferring the victim's NFTs to the attacker.
Since the discovery, some of the NFTs that were taken have been returned, while others have been sold by the attacker. An examination of the attacker's wallet reveals it has collected Etherium valued at $1.7 million, far below a $200 million valuation that spread via rumors.
OpenSea is still investigating the incident to determine how exactly the attack took place.
Read on AppleInsider
On Saturday, OpenSea became aware of rumors about smart contracts connected to the non-fungible token (NFT) marketplace. In investigating the claims, it discovered that users were actually being affected by a fairly typical phishing attack.
Emails set to look like an OpenSea Community Update were sent to customers, inviting them to migrate their Etherium listings to a new smart contract. As OpenSea introduced its own legitimate smart contract one day prior, the phishing email took advantage of the change.
According to OpenSea and CEO Devin Finzer on Twitter, the phishing attack doesn't appear to be connected to the OpenSea website itself, and was operated separately, reports Decrypt. It seems that only 32 people were affected by the email, signing a contract with a malicious payload, which led to the victims signing over NFTs to the attacker.
In an explainer thread linked by Finzer, it appears the attack had the victims signing half of a Wyvern order, referencing an open-source standard typically used in NFT smart contracts. The order was effectively empty except for call data and a target of the attacker's contract, with the victim signing half while the attacker signed the other.
After signing, the attacker calls their own contract listed in the double-signed order, which then starts the process of transferring the victim's NFTs to the attacker.
Since the discovery, some of the NFTs that were taken have been returned, while others have been sold by the attacker. An examination of the attacker's wallet reveals it has collected Etherium valued at $1.7 million, far below a $200 million valuation that spread via rumors.
OpenSea is still investigating the incident to determine how exactly the attack took place.
Read on AppleInsider
Comments
isn’t a sentence. There’s no main verb.
https://bitcoinist.com/warren-buffett-invested-1-billion-in-a-digital-bank/
Someone got their worthless crap stolen.
Bitcoin (and crypto-stuff), yes. I think there will be some place for *a* more contract-oriented crypto in the end, but it is really about Bitcoin in terms of investment. Warren has been talking to some of the bigger players in Bitcoin the last week or two, and while maybe he'll eventually come around, he's mostly ignorant about it at this point. How can he given a meaningful evaluation if he doesn't even know how it works?
Exactly! Keeping the USD on top costs $ trillions and a LOT of lives. And, when that trust gets lost, it isn't going to be pretty.
A couple big hurdles for Bitcoin:
More 'off-ramps' which would be best if they were people accepting it directly for goods and services (there is a lot more than most people realize, currently, but it could be a lot better).
Tech-simplification/education. It is too easy right now for people to make expensive mistakes, let alone understanding so they set thing up correctly/securely, and don't fall prey to various schemes.
The value is in having something available worldwide to continue trading which isn't tied to any of the sinking ships, and can't be confiscated by them. The limited supply is also key. If any meaningful percentage of the world's population start using it, the price has to go up (in terms of investment stability). However, the core Bitcoiners don't care as much about how much it is worth, as they are what it is worth in terms of practical use.
What can you do if the core tech uses the password, 'password'? LOL The problem here isn't NFTs, but a horribly sloppy business created around them.
I'm a mathematician. I think anything blockchain-related is valueless specifically because I understand what blockchains can and cannot do. The only problem they solve relates to double-spending an asset while waiting for a transaction to clear. That is not a problem anybody actually has. In fact, blockchains make most common problems vastly worse.
Warren Buffet's evaluation is correct: cryptocurrencies have all the negative properties of fiat currencies (no utility, therefore no intrinsic value), all the negative properties of asset-backed currencies (limited supply, therefore deflationary) and all the negative properties of stocks (volatile), and none of the positive properties of any of them. They are shares of stock in a company which does not produce anything today and which will never do so at any point in the future. Buffet wrote an elegant explanation of why gold is a garbage investment in his letter to investors in 2011, and gold has utility. The explanation starts at the bullet on the lower half of page 18.
Assets can be lost or stolen, and there's no feasible way to regain control of them. This compounds the intentional deflationary characteristics. The deflation is so bad if we relied on them for anything significant we would have experienced the worst economic depression in history.
First, the argument isn't that Bitcoin (crypto, in general, is a whole other debate!) is the most productive investment. It's just a necessary one. And, because of that necessity, it can't help but increase in value per unit (BTC/Satoshi). (The only problem I see, long-term, is that some other crypto-asset with similar properties, but far superior design/utility can eclipse it by so much, people switch to it instead.)
The problem with Coca-Cola or those farmland fields, is that they are relatively tied to a place and relatively stable society. If you own some farmland and have to flee the country, it suddenly becomes quite worthless to you. Bitcoin can go with you. And if the society collapses, many of the corporate investments might take a substantial hit, if they survive at all. Sure, you could flee to country XYZ and still own your stock portfolio, but if the stock depends greatly on that crashed economy, it will probably not do so well either, even if it is international.
I don't understand that set of negative properties though. No utility? If you can buy and trade with it, it has utility, right? Volatility, I think has more to do with the speculative nature right now, than what we'll see longer term. As more people buy and use it, I think the volatility will settle. You'll have to explain the deflationary thing (or I'll have to do some reading) as it has been a while since my economics class in school.
I don't understand the lost/stolen aspect. It *can* be lost or stolen, but that isn't very likely if you have some basic knowledge when you get started, or fix mistakes early on. There certainly is a bit more technical hurdle right now, but we're also kind of in the infancy of all of this. As people become more familiar and the technologies (especially interfaces) evolve, I think we'll get past that, too.
Other aspects, are the decentralization. We've really seen that first-hand with the funding of the Canadian Trucker Convoy. If you can't trust the government or financial institutions, what other option is there? Go direct! This is also a great model for other crowd-funding things, or look at what Podcasting 2.0 is doing in terms of direct audience to creator funding (including automatic percentage splits). That model could be applied to any creative endeavor, from movies, to documentaries, to books, to articles, etc.
It just solves way too many problems not to be adopted. The bigger question is which ones. Bitcoin, and ...?