{"id":18483,"date":"2022-02-20T13:03:21","date_gmt":"2022-02-20T12:03:21","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=18483"},"modified":"2022-02-20T13:03:27","modified_gmt":"2022-02-20T12:03:27","slug":"openseas-short-deadline-opens-window-of-opportunity-for-hackers","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/openseas-short-deadline-opens-window-of-opportunity-for-hackers\/","title":{"rendered":"OpenSea’s Short Deadline Opens Window of Opportunity for Hackers"},"content":{"rendered":"\n

Investigations showed that  NFTs were stolen from users via phishing emails<\/a> before being moved to OpenSea's new smart contract. The attackers acquire access to the NFTs after a user allows the migration via the phishing email.<\/p>\n\n\n\n

\"OpenSea's<\/figure>\n\n\n\n

OpenSea\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a>, an online non-fungible token marketplace, has begun investigating exploit reports, claiming in a recent tweet that it has most likely been the target of a fishing assault. After it was revealed that a hacker stole millions of dollars worth of non-fungible tokens, the NFT community <\/a>was ablaze with conjecture earlier today. <\/p>\n\n\n\n

The firm announced the introduction of a new improved smart contract on Saturday, inviting customers to move their listings without incurring gas fees before the deadline on Feb. 25. The hacker<\/a>, on the other hand, has opted to take advantage of the update by using legitimate-looking phishing emails to dupe customers into handing over their NFTs. Users are advised not to click any links outside of the official website, according to the business.<\/p>\n\n\n\n

PeckShield, a blockchain <\/a>security startup, has disclosed the full list of NFTs taken by the malicious attacker<\/a>. They're worth around $3 million in total.<\/p>\n\n\n\n

How the urgency and short deadline helped the hacker<\/h2>\n\n\n\n

Due to the urgency and short timeframe, hackers had a narrow window of opportunity. Within hours of OpenSea's upgrade announcement, various sources began reporting on an ongoing attack on the soon-to-be-delisted NFTs.<\/p>\n\n\n\n

Further analysis indicated that the NFTs were stolen via phishing emails before being moved to OpenSea's new smart contract<\/a>. The attackers acquire access to the NFTs after a user allows the migration via the fake email.<\/p>\n\n\n\n

\"OpenSea's<\/figure>\n\n\n\n

Users should be weary of all emails from OpenSea and revoke all rights related to the migration to the new smart contract.<\/p>\n\n\n\n

Devin Finzer, co-founder and CEO of OpenSea<\/a>, confirmed that 32 users had lost NFTs as a result of the phishing assault. While the NFT marketplace has yet to decipher the ongoing phishing campaign, blockchain investigator Peckshield suspects a probable loss of user data (including email addresses) that is fueling the ongoing phishing attack.<\/p>\n\n\n\n

\"OpenSea's<\/figure>\n\n\n\n

\u201cIf you are concerned and want to protect yourself, you can un-approve access to your NFT <\/a>collection.\u201d<\/p><\/blockquote>\n\n\n\n

Three NFTs were confiscated by Her Majesty's Revenue and Customs (HMRC), the UK's principal tax <\/a>department, in connection with a suspected tax evasion scheme.<\/p>\n\n\n\n

According to reports, the suspects built 250 counterfeit “shell” firms and utilized fictitious identities to escape 1.4 million British <\/a>pounds (approximately $1.8 million) in value-added taxes.<\/p>\n","protected":false},"excerpt":{"rendered":"

Investigations showed that  NFTs were stolen from users via phishing emails before being moved to OpenSea’s new smart contract. The attackers acquire access to the NFTs after a user allows the migration via the phishing email. OpenSea , an online non-fungible token marketplace, has begun investigating exploit reports, claiming in a recent tweet that it has most likely […]<\/p>\n","protected":false},"author":13,"featured_media":18492,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[6115,5370,5716,7326],"class_list":["post-18483","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-hackers-2","tag-nfts-2","tag-opensea-2","tag-smartcontract"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-268.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/18483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=18483"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/18483\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/18492"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=18483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=18483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=18483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}