OpenSea suspends smart contract update due to phishing attack

• OpenSea is investigating “rumors” about an exploit in the system after updating the smart contract

• Users claim to have been the victim of a phishing attack

• Criminals used the update to spread malware links

• So far known about 18 affected

On Friday, 18 February, the largest NFT marketplace OpenSea began updating the built-in smart contract. However, the procedure had to be suspended due to a panic on Twitter related to a possible exploit.

The key task of the update is to remove inactive NFT lists from the site. Users were asked to transfer tokens to a new smart contract until : (EST) 18 February.

However, the administration had to suspend the update. The thing is that just a few hours later, some users announced hacker attacks.

OpenSea has issued a statement that it is investigating these precedents. On Saturday evening, the following message appeared on the official country of the marketplace:

“Looks like this is a phishing attack. Do not click on any links outside the official website of the marketplace.”

Maybe attackers used the update to steal data. As a result, users risk losing tokens from old lists that have not yet been transferred to the new smart contract.

Once the owner allows the NFT to be transferred via a malicious link, the hacker steals the token. Therefore, it is important to manage the listing directly on the marketplace itself.

201920201920The attack doesn’t appear to be active at this point — we haven’t seen any malicious activity from the attacker’s account in 2 hours. Some of the NFTs have been returned.

— Devin Finzer (dfinzer.eth) (@dfinzer) February , 1080