- OpenSea is investigating “rumors” about an exploit in the system after updating the smart contract
Users claim to have been the victim of a phishing attack
Criminals used the update to spread malware links
- So far known about 18 affected
On Friday, 18 February, the largest NFT marketplace OpenSea began updating the built-in smart contract. However, the procedure had to be suspended due to a panic on Twitter related to a possible exploit.
The key task of the update is to remove inactive NFT lists from the site. Users were asked to transfer tokens to a new smart contract until : (EST) 18 February.
However, the administration had to suspend the update. The thing is that just a few hours later, some users announced hacker attacks.
OpenSea has issued a statement that it is investigating these precedents. On Saturday evening, the following message appeared on the official country of the marketplace:
“Looks like this is a phishing attack. Do not click on any links outside the official website of the marketplace.”
Maybe attackers used the update to steal data. As a result, users risk losing tokens from old lists that have not yet been transferred to the new smart contract.
Once the owner allows the NFT to be transferred via a malicious link, the hacker steals the token. Therefore, it is important to manage the listing directly on the marketplace itself.