NFTs worth $1.7M stolen via OpenSea phishing attack

Posted:
in General Discussion edited February 21
Collectors of NFTs that used OpenSea have been affected by a phishing attack, with a total of 254 tokens estimated to be worth more than $1.7 million stolen over a three-hour period.




On Saturday, OpenSea became aware of rumors about smart contracts connected to the non-fungible token (NFT) marketplace. In investigating the claims, it discovered that users were actually being affected by a fairly typical phishing attack.

Emails set to look like an OpenSea Community Update were sent to customers, inviting them to migrate their Etherium listings to a new smart contract. As OpenSea introduced its own legitimate smart contract one day prior, the phishing email took advantage of the change.

According to OpenSea and CEO Devin Finzer on Twitter, the phishing attack doesn't appear to be connected to the OpenSea website itself, and was operated separately, reports Decrypt. It seems that only 32 people were affected by the email, signing a contract with a malicious payload, which led to the victims signing over NFTs to the attacker.

In an explainer thread linked by Finzer, it appears the attack had the victims signing half of a Wyvern order, referencing an open-source standard typically used in NFT smart contracts. The order was effectively empty except for call data and a target of the attacker's contract, with the victim signing half while the attacker signed the other.

After signing, the attacker calls their own contract listed in the double-signed order, which then starts the process of transferring the victim's NFTs to the attacker.

Since the discovery, some of the NFTs that were taken have been returned, while others have been sold by the attacker. An examination of the attacker's wallet reveals it has collected Etherium valued at $1.7 million, far below a $200 million valuation that spread via rumors.

OpenSea is still investigating the incident to determine how exactly the attack took place.

Read on AppleInsider

Comments

  • Reply 1 of 18
     smart contracts connected to the non-fungible token (NFT) marketplace. 

    Read on AppleInsider
    Did you mean to say non-functional tokens?  The only thing I've seen them accomplish is to transfer wealth from one person to another, with no value in return.

    netroxbaconstangAnilu_777docbburknapoleon_phoneapartBeatswatto_cobra
  • Reply 2 of 18
    Aww, so sad. Sorry, not sorry.
    Anilu_777tokyojimuwatto_cobracornchip
  • Reply 3 of 18
    badmonkbadmonk Posts: 1,086member
    Looks like people got suckered twice.
    tokyojimuwatto_cobraretrogusto
  • Reply 4 of 18
    Time will tell with all this bitcoin and crypto stuff.  Some believe it is really just a big Ponzi scheme.  Warren Buffett has said he has no interest - he said it produces nothing therefore it has no value.  
    Anilu_777cornchipsconosciutolkruppwatto_cobra
  • Reply 5 of 18
    M68000 said:
    Time will tell with all this bitcoin and crypto stuff.  Some believe it is really just a big Ponzi scheme.  Warren Buffett has said he has no interest - he said it produces nothing therefore it has no value.  
    This also applies to some currencies in the world which is no longer back by gold or silver. But of course, these currencies is back by the countries. So people trust these money based on the faith of the country can guarantee the value. Will a country back a crypto currency, I don’t think so, risk too high and almost no way to control it. But will a country used it their own currencies, it is already happening.
    BeatscgWerkswatto_cobra
  • Reply 6 of 18
    M68000 said:
    Time will tell with all this bitcoin and crypto stuff.  Some believe it is really just a big Ponzi scheme.  Warren Buffett has said he has no interest - he said it produces nothing therefore it has no value.  



    If one of the wisest and shrewdest investors on the planet has no interest then that says it for me. 
    cornchipwatto_cobrajony0
  • Reply 7 of 18
    NFTs should just be right clickable jpegs anyway. 

    What a scam it is, just to help crypto pretend to be legit. 
    cornchipsconosciutobonobobtokyojimuwatto_cobra
  • Reply 8 of 18
    This is so poorly written that I can’t even make sense of what happened. Even the first sentence:

    On Saturday, OpenSea became aware of rumors that smart contracts connected to the non-fungible token (NFT) marketplace.
    isn’t a sentence. There’s no main verb. 


    uraharacornchiptokyojimuwatto_cobra
  • Reply 9 of 18
    This is so poorly written that I can’t even make sense of what happened. Even the first sentence:

    On Saturday, OpenSea became aware of rumors that smart contracts connected to the non-fungible token (NFT) marketplace.
    isn’t a sentence. There’s no main verb. 


    Well, technically, it could be a proper sentence, but I understand what you mean.

    watto_cobra
  • Reply 10 of 18
    Alex_VAlex_V Posts: 108member
    “A fool and his money…”
    watto_cobra
  • Reply 11 of 18
    M68000 said:
    Time will tell with all this bitcoin and crypto stuff.  Some believe it is really just a big Ponzi scheme.  Warren Buffett has said he has no interest - he said it produces nothing therefore it has no value.  
    You may wish to change your opinion as it appears Warren Buffett has too:
    https://bitcoinist.com/warren-buffett-invested-1-billion-in-a-digital-bank/
    cornchip
  • Reply 12 of 18
    lkrupplkrupp Posts: 10,030member
    The idea that 1s and 0s arranged in a certain way have real value is a completely foreign concept to someone like me. If the world economy collapses only those with gold, silver, platinum, diamonds ,etc., will have anything of value. Most of the world’s currencies are no longer backed by real assets anyway.
    edited February 21 watto_cobrajony0
  • Reply 13 of 18
    zimmiezimmie Posts: 609member
    They can't be stolen. They were transferred via a legitimate transaction recorded immutably on the blockchain, which everybody has been telling me is the only thing trustworthy enough to build the future of the economy!
    watto_cobra
  • Reply 14 of 18
    BeatsBeats Posts: 3,073member
    Well that sucks. I thought the blockchain was a secure method of buying/selling for the future.

    Someone got their worthless crap stolen.
    watto_cobra
  • Reply 15 of 18
    cgWerkscgWerks Posts: 2,843member
    I half-wonder if this NFT thing was just setup to try and make Bitcoin and other blockchain efforts look silly to the uninformed (which is most people). While I can ultimately see some NFT-tech uses, this thing has been a joke (including/especially the shotty implementation!).

    M68000 said:
    Time will tell with all this bitcoin and crypto stuff.  Some believe it is really just a big Ponzi scheme.  Warren Buffett has said he has no interest - he said it produces nothing therefore it has no value.  
    Bitcoin (and crypto-stuff), yes. I think there will be some place for *a* more contract-oriented crypto in the end, but it is really about Bitcoin in terms of investment. Warren has been talking to some of the bigger players in Bitcoin the last week or two, and while maybe he'll eventually come around, he's mostly ignorant about it at this point. How can he given a meaningful evaluation if he doesn't even know how it works?

    viclauyyc said:
    This also applies to some currencies in the world which is no longer back by gold or silver. But of course, these currencies is back by the countries. So people trust these money based on the faith of the country can guarantee the value. Will a country back a crypto currency, I don’t think so, risk too high and almost no way to control it. But will a country used it their own currencies, it is already happening.
    Exactly! Keeping the USD on top costs $ trillions and a LOT of lives. And, when that trust gets lost, it isn't going to be pretty.

    A couple big hurdles for Bitcoin:
    More 'off-ramps' which would be best if they were people accepting it directly for goods and services (there is a lot more than most people realize, currently, but it could be a lot better).

    Tech-simplification/education. It is too easy right now for people to make expensive mistakes, let alone understanding so they set thing up correctly/securely, and don't fall prey to various schemes.

    lkrupp said:
    The idea that 1s and 0s arranged in a certain way have real value is a completely foreign concept to someone like me. If the world economy collapses only those with gold, silver, platinum, diamonds ,etc., will have anything of value. Most of the world’s currencies are no longer backed by real assets anyway.
    The value is in having something available worldwide to continue trading which isn't tied to any of the sinking ships, and can't be confiscated by them. The limited supply is also key. If any meaningful percentage of the world's population start using it, the price has to go up (in terms of investment stability). However, the core Bitcoiners don't care as much about how much it is worth, as they are what it is worth in terms of practical use.

    zimmie said:
    They can't be stolen. They were transferred via a legitimate transaction recorded immutably on the blockchain, which everybody has been telling me is the only thing trustworthy enough to build the future of the economy!
    What can you do if the core tech uses the password, 'password'? LOL The problem here isn't NFTs, but a horribly sloppy business created around them.
  • Reply 16 of 18
    zimmiezimmie Posts: 609member
    cgWerks said:
    I half-wonder if this NFT thing was just setup to try and make Bitcoin and other blockchain efforts look silly to the uninformed (which is most people). While I can ultimately see some NFT-tech uses, this thing has been a joke (including/especially the shotty implementation!).

    M68000 said:
    Time will tell with all this bitcoin and crypto stuff.  Some believe it is really just a big Ponzi scheme.  Warren Buffett has said he has no interest - he said it produces nothing therefore it has no value.  
    Bitcoin (and crypto-stuff), yes. I think there will be some place for *a* more contract-oriented crypto in the end, but it is really about Bitcoin in terms of investment. Warren has been talking to some of the bigger players in Bitcoin the last week or two, and while maybe he'll eventually come around, he's mostly ignorant about it at this point. How can he given a meaningful evaluation if he doesn't even know how it works?

    viclauyyc said:
    This also applies to some currencies in the world which is no longer back by gold or silver. But of course, these currencies is back by the countries. So people trust these money based on the faith of the country can guarantee the value. Will a country back a crypto currency, I don’t think so, risk too high and almost no way to control it. But will a country used it their own currencies, it is already happening.
    Exactly! Keeping the USD on top costs $ trillions and a LOT of lives. And, when that trust gets lost, it isn't going to be pretty.

    A couple big hurdles for Bitcoin:
    More 'off-ramps' which would be best if they were people accepting it directly for goods and services (there is a lot more than most people realize, currently, but it could be a lot better).

    Tech-simplification/education. It is too easy right now for people to make expensive mistakes, let alone understanding so they set thing up correctly/securely, and don't fall prey to various schemes.

    lkrupp said:
    The idea that 1s and 0s arranged in a certain way have real value is a completely foreign concept to someone like me. If the world economy collapses only those with gold, silver, platinum, diamonds ,etc., will have anything of value. Most of the world’s currencies are no longer backed by real assets anyway.
    The value is in having something available worldwide to continue trading which isn't tied to any of the sinking ships, and can't be confiscated by them. The limited supply is also key. If any meaningful percentage of the world's population start using it, the price has to go up (in terms of investment stability). However, the core Bitcoiners don't care as much about how much it is worth, as they are what it is worth in terms of practical use.

    zimmie said:
    They can't be stolen. They were transferred via a legitimate transaction recorded immutably on the blockchain, which everybody has been telling me is the only thing trustworthy enough to build the future of the economy!
    What can you do if the core tech uses the password, 'password'? LOL The problem here isn't NFTs, but a horribly sloppy business created around them.
    I was being facetious. My point is that if things can still be stolen (and they can, without a doubt), then an immutable record of transactions is fundamentally untrustworthy.

    I'm a mathematician. I think anything blockchain-related is valueless specifically because I understand what blockchains can and cannot do. The only problem they solve relates to double-spending an asset while waiting for a transaction to clear. That is not a problem anybody actually has. In fact, blockchains make most common problems vastly worse.

    Warren Buffet's evaluation is correct: cryptocurrencies have all the negative properties of fiat currencies (no utility, therefore no intrinsic value), all the negative properties of asset-backed currencies (limited supply, therefore deflationary) and all the negative properties of stocks (volatile), and none of the positive properties of any of them. They are shares of stock in a company which does not produce anything today and which will never do so at any point in the future. Buffet wrote an elegant explanation of why gold is a garbage investment in his letter to investors in 2011, and gold has utility. The explanation starts at the bullet on the lower half of page 18.

    Assets can be lost or stolen, and there's no feasible way to regain control of them. This compounds the intentional deflationary characteristics. The deflation is so bad if we relied on them for anything significant we would have experienced the worst economic depression in history.
  • Reply 17 of 18
    cgWerkscgWerks Posts: 2,843member
    zimmie said:
    I was being facetious. My point is that if things can still be stolen (and they can, without a doubt), then an immutable record of transactions is fundamentally untrustworthy.

    I'm a mathematician. I think anything blockchain-related is valueless specifically because I understand what blockchains can and cannot do. The only problem they solve relates to double-spending an asset while waiting for a transaction to clear. That is not a problem anybody actually has. In fact, blockchains make most common problems vastly worse.

    Warren Buffet's evaluation is correct: cryptocurrencies have all the negative properties of fiat currencies (no utility, therefore no intrinsic value), all the negative properties of asset-backed currencies (limited supply, therefore deflationary) and all the negative properties of stocks (volatile), and none of the positive properties of any of them. They are shares of stock in a company which does not produce anything today and which will never do so at any point in the future. Buffet wrote an elegant explanation of why gold is a garbage investment in his letter to investors in 2011, and gold has utility. The explanation starts at the bullet on the lower half of page 18.

    Assets can be lost or stolen, and there's no feasible way to regain control of them. This compounds the intentional deflationary characteristics. The deflation is so bad if we relied on them for anything significant we would have experienced the worst economic depression in history.
    Interesting article (or section, I didn't read the whole thing). I think he's wrong on a few counts.

    First, the argument isn't that Bitcoin (crypto, in general, is a whole other debate!) is the most productive investment. It's just a necessary one. And, because of that necessity, it can't help but increase in value per unit (BTC/Satoshi). (The only problem I see, long-term, is that some other crypto-asset with similar properties, but far superior design/utility can eclipse it by so much, people switch to it instead.)

    The problem with Coca-Cola or those farmland fields, is that they are relatively tied to a place and relatively stable society. If you own some farmland and have to flee the country, it suddenly becomes quite worthless to you. Bitcoin can go with you. And if the society collapses, many of the corporate investments might take a substantial hit, if they survive at all. Sure, you could flee to country XYZ and still own your stock portfolio, but if the stock depends greatly on that crashed economy, it will probably not do so well either, even if it is international.

    I don't understand that set of negative properties though. No utility? If you can buy and trade with it, it has utility, right? Volatility, I think has more to do with the speculative nature right now, than what we'll see longer term. As more people buy and use it, I think the volatility will settle. You'll have to explain the deflationary thing (or I'll have to do some reading) as it has been a while since my economics class in school. :) (I've heard people talking about that aspect... that a currency needs to keep adding more... but that seemed hinged to particular schools of economic thought?)

    I don't understand the lost/stolen aspect. It *can* be lost or stolen, but that isn't very likely if you have some basic knowledge when you get started, or fix mistakes early on. There certainly is a bit more technical hurdle right now, but we're also kind of in the infancy of all of this. As people become more familiar and the technologies (especially interfaces) evolve, I think we'll get past that, too.

    Other aspects, are the decentralization. We've really seen that first-hand with the funding of the Canadian Trucker Convoy. If you can't trust the government or financial institutions, what other option is there? Go direct! This is also a great model for other crowd-funding things, or look at what Podcasting 2.0 is doing in terms of direct audience to creator funding (including automatic percentage splits). That model could be applied to any creative endeavor, from movies, to documentaries, to books, to articles, etc.

    It just solves way too many problems not to be adopted. The bigger question is which ones. Bitcoin, and ...?
  • Reply 18 of 18
    Thieves to their friends -- "Hey, we just stole $1.7M worth of NFT's!".  Friends -- "WOW, show us what you got!".  Thieves -- crickets....
Sign In or Register to comment.