254 NFTs totaling 200 million yen are stolen from the NFT market giant 'OpenSea'

A new large-scale phishing attack has occurred at OpenSea , a major non-fungible token (NFT) trading platform. The number of victims of this attack is estimated to be 32, and the total damage is estimated to be over $ 1.7 million (about 200 million yen).

$ 1.7 million in NFTs stolen in apparent phishing attack on OpenSea users --The Verge

There have been a series of phishing attacks on OpenSea, and the company planned to update it to replace the smart contract protocol ' Wyvern Protocol ' that caused a series of phishing attacks.

The new phishing attack that occurred on February 19, 2022 broke the gap while OpenSea was updating. It is said that the specific method is under investigation, but it uses the specification that OpenSea was trying to fix the Wyvern Protocol that 'mostly can send a blank sales contract', so to speak, a blank check can be sent. However, it is believed that the attacker set the winning bid to zero by letting the victim sign only.

There was speculation that the total damage was 200 million dollars (about 23 billion yen), but the official denies this. As of February 20, 2022, it has been announced that 'there are 32 victims and the total damage is equivalent to 1.7 million dollars (about 200 million yen).'

Chosen as a symbol of 2021 and overheated to the point of being described as a bubble, OpenSea is one of its trading platforms with $ 13 billion in its most recent funding round. It has been evaluated as over 100 million yen and succeeded in raising 300 million dollars (about 35 billion yen), and it is considered to be one of the best positions among the platforms that are lined up.

Regarding a series of phishing attacks, the company said that phishing attacks were much more difficult for the protocol to which the Wyvern Protocol was migrated, and emphasized that protocol replacement improved security.

Regarding this incident, CTO Nadab Hollander has issued a statement that he will actively support the victims.

in Web Service,   Security, Posted by darkhorse_log