Opensea Stalls Ongoing Upgrade as Hackers Exploit Their Systems
Earlier today, PerkShield Inc tweeted flagging some suspicious activity on OpenSea. The tweet explained a possible phishing attack as users migrated their NFTs according to emailed instructions. OpenSea also tweeted to ask users to stop following the emailed instructions as they investigated the rumored phishing attack.
Hackers Exploit OpenSea Systems During the Ongoing Upgrade
Yesterday, OpenSea announced a new smart contract upgrade with a deadline of one week. As a result, the urgency of the upgrade and the short deadline period might have opened a chance for hackers to manipulate the systems.
Earlier today, several users complained that they received emails to transfer their NFTs and lost control of them. They claimed that the emails explained the transfer of the assets as part of the new OpenSea upgrade, but it looked like a scam. Blockchain Security company PerkShield tweeted on the occurrence, and OpenSea later asked people to ignore the emails.
The hack has hit the world’s largest NFT marketplace within hours after announcing the ongoing upgrade. Further investigations concluded that once an investor authorizes the assets migration on the email, it gives the hackers full access to them. OpenSea instructed users to wait for further instructions and to revoke all migration permissions to the new smart contract quickest possible.
The NFT Marketplace cofounder and CEO Devin Finzer said that the attack had claimed assets belonging to 32 addresses. He asked the affected users to reach out to the company while concluding:
“If you are concerned and want to protect yourself, you can un-approve access to your NFT collection.”
Devin also tweeted that the site was not hacked. He trashed the rumors of a $200M hack explaining that the users were only attacked through phishing. However, some people are still rejecting his answer insisting that a flaw in the platform’s code was manipulated by the attackers.
Opensea Hack Exposes Risks of the Web3 Innovation.
The Web3 is the incoming iteration of the internet that will rely on decentralization while underpinning digital assets. In the wake of the recent cyber attacks, this iteration of the internet seems to be carrying risks that may hinder its success.
Brilliant hackers are utilizing every opportunity available to exploit blockchain firms. Last year posted worrying statistics on the number of scams and hacking cases in the crypto space. These attacks have been targeting and hitting the crypto space very hard since crypto investors once thought they were safe.
Lately, hackers have been using fake authorizations and malicious transactions to do away with funds from different crypto platforms. Today, the same happened to OpenSea. Even though a full report on how the hackers manipulated the systems is not out, some details have leaked. It is suspected that hackers sent out emails similar to OpenSea’s, duped several collectors, and drained the assets to their wallets.
This method of swindling assets from investors has exposed the risks of Web3, where a click on a malicious link could have disastrous outcomes. It is not the first time that OpenSea users have lost their NFTs. Many high-value NFT collectors have lost control over their assets through smart contract exploits. Most of them never recover the assets.
Given that OpenSea runs on smart contracts and the Web3 will run on similar technology, a solution should be found earliest possible to ensure successful adoption of a decentralized era.