OpenSea update carries a vulnerability: attackers sent out external links and stole NFTs

  • OpenSea is investigating “rumors” about an exploit in the system after updating the smart contract
  • Users claim to have been victims of a phishing attack
  • Criminals used the update to spread malicious links
  • So far, 18 victims are known

On Friday, 18 February, the largest NFT marketplace OpenSea began updating the built-in smart contract. However, the procedure had to be suspended due to a panic on Twitter related to a possible exploit.

The key task of the update is to remove inactive NFT listings from the site. Users were asked to transfer tokens to a new smart contract until : (EST) 18 February.

However, the administration had to suspend the update: just a few hours later, some users reported attacks.

OpenSea has issued a statement that it is investigating these incidents. On Saturday evening, the following message appeared on the official page of the marketplace:

“Looks like this is a phishing attack. Do not click on any links outside the official website of the marketplace.”

Attackers may have used the update to steal data. As a result, users risk losing tokens from old listings that have not yet been transferred to the new smart contract.

Once the owner allows the NFT to be transferred via a malicious link, the hacker steals the token. Therefore, it is important to manage the listing directly on the marketplace itself.

The attack doesn’t appear to be active at this point — we haven’t seen any malicious activity from the attacker’s account in 2 hours. Some of the NFTs have been returned.

— Devin Finzer (dfinzer.eth) (@dfinzer) February , 1080

Presumably, at least 18 users were affected as a result of the attack. PeckShield admits that there was a leak of personal data, so the criminals got access to email addresses.

Over the past few months, OpenSea has experienced a lot of problems. First, the site administration introduced a restriction on the release of new tokens through a built-in smart contract, but then rolled back the changes under pressure from the audience. The platform later admitted that over 80% of the NFTs created in this way are complete “slag”.
