Tuesday, July 23, 2024

OpenSea planned upgrade stalls as phishing attack targets NFT relay


Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETHThe blockchain for a new smart contract. As a direct result of the upgrade, users who do not migrate from Ethereum risk losing their old, inactive listings – which currently do not require a gas fee for migration.

The Non-Fungible Cryptocurrency (NFT) marketplace OpenSea was reported to have fallen victim to an ongoing phishing attack within hours after announcing a planned week-long upgrade to remove inactive NFTs on the platform.

However, the urgency and the short deadline opened a small window of opportunity for hackers. Within hours after OpenSea upgrade announcementHowever, reports have surfaced across multiple sources about an ongoing attack targeting NFT teams that will soon be taken down.

Further investigation revealed that the attackers used phishing emails to steal NFTs before migrating them through the new OpenSea smart contract. Once the user authorizes the NFT relay from the fraudulent email, the attackers gain access to the NFTs.

Users are now advised to beware of all connections from OpenSea as well as revoke all permissions related to the transition to the new smart contract.

OpenSea co-founder and CEO Devin Finzer acknowledged the phishing attack while confirming that 32 users have lost NFTs so far. While the NFT market has yet to decipher the ongoing attack, blockchain investigator Peckshield suspects the possible leak of user information (including email identifiers) that fuels the ongoing phishing attack.

See also  Buyers are flocking back into the housing market as prices fall for the first time since 2012

However, Finzer has asked affected users to reach out to the company, concluding:

“If you are concerned and want to protect yourself, you can opt-out of access to your NFT collection.”

Related: The British Tax Authority has confiscated the NFT for the first time in a VAT fraud case

Her Majesty’s Revenue and Customs (HMRC), the UK’s main tax authority, has seized three NFTs linked to suspected tax evasion fraud.

As Cointelegraph reported, the suspects used false identities and set up 250 fictitious companies to evade value-added taxes of £1.4 million (about $1.8 million).