UD Cloud Service & Security


Learn the lesson from OpenSea phishing attack



As the NFT trading frenzy continues and some projects record sky-high prices, fraud and scam cases have also increased. Over US$1.7 million in NFTs was swindled in the recent phishing attack on the NFT marketplace OpenSea. In the incident, 254 NFTs were stolen, including some from the invaluable Bored Ape Yacht Club and Azuki collections. It raised public concern about cyber attacks on blockchain. Is your NFT safe?

 


How did the OpenSea users lose their NFTs? 

After investigation, it is believed that hackers sent phishing emails to users while OpenSea was updating its smart contract system. The phishing email mimicked the platform's real smart contract upgrade email and invited users to log in to the website and migrate their existing NFT listings to a new smart contract by, otherwise all existing auctions would be removed after February 25.

 

The hackers also set up another smart contract on the phishing website. Many users mistook the message for an official email and entered the phishing website. They then signed an authorization that allowed the hackers to transfer NFTs from their wallets.

 

OpenSea CEO Devin Finzer tweeted that the new contract had no issues and that the attack had not originated from OpenSea’s website. It is believed to be a phishing attack.

 

 

This is the realistic-looking phishing email from the incident.

 

 

How to protect your NFT and other digital assets? 

With the rising value of many NFT collections, hackers have their eye on users' wallets. In addition to NFTs, hackers will also transfer other assets in the victim's wallet, such as Ether (ETH) and Bitcoin (BTC).
 

To avoid your assets being stolen, learn the following tips:
 

  • Use multiple independent wallet addresses to handle transactions of different NFT projects to reduce the risk of simultaneous theft.
     
  • Discord is increasingly popular as a social platform for crypto communities. Beware of unofficial announcement links in groups and of private messages from admins.
     
  • Check whether the email was sent from the official address. For instance, MetaMask, the most commonly used hot wallet, does not have users' email addresses. Be alert when you receive an email that appears to come from MetaMask.
     
  • Trusted platforms will not ask you to submit your wallet's "seed phrase".
     
  • Use a cold wallet to hold your assets. Remember to purchase your wallet from official channels.
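
The theft described above depended on users signing an authorization without checking what it granted. The Python check below is an added example, not code from this article or from OpenSea, and it generalizes beyond the incident: it decodes a transaction's calldata and flags the standard ERC-721/ERC-1155 `setApprovalForAll` and ERC-20/ERC-721 `approve` calls when the grantee is not on a user-maintained list. The article does not say which authorization the victims signed, so the function names, the `trusted` set and the sample addresses are assumptions made for illustration.

```python
# Added example: not code from the article or from OpenSea.
# Selectors are the first 4 bytes of keccak256 of the standard signatures.
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool), ERC-721/1155
APPROVE = "095ea7b3"               # approve(address,uint256), ERC-20/721
ZERO_ADDRESS = "0x" + "00" * 20

def _word(data, index):
    """Return the index-th 32-byte ABI argument (hex) after the selector."""
    word = data[8 + 64 * index: 8 + 64 * (index + 1)]
    if len(word) != 64:
        raise ValueError("calldata too short for this function")
    return word

def _address(word):
    """Decode an ABI address: 12 zero padding bytes, then 20 address bytes."""
    if int(word[:24], 16) != 0:
        raise ValueError("malformed address argument")
    return "0x" + word[24:]

def review_calldata(calldata, trusted):
    """Return (verdict, reason); verdict is ok, review, block or unknown.
    `trusted` is an assumed, user-maintained set of verified lowercase addresses."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    bytes.fromhex(data)  # raises ValueError on non-hex or odd-length input
    selector = data[:8]
    if selector not in (SET_APPROVAL_FOR_ALL, APPROVE):
        # Off-chain signature requests are not transactions; this check
        # cannot see them and they need their own review.
        return "unknown", "not a token approval call"
    grantee, value = _address(_word(data, 0)), int(_word(data, 1), 16)
    if selector == SET_APPROVAL_FOR_ALL and value == 0:
        return "ok", "revokes operator approval for " + grantee
    if selector == APPROVE and grantee == ZERO_ADDRESS:
        return "ok", "clears a single-token approval"
    if grantee not in trusted:
        return "block", "grants transfer rights to unverified " + grantee
    return "review", "grants transfer rights to verified " + grantee

def encode(selector, address, value):
    """Build constructed sample calldata for the two functions above."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(value, "064x")

TRUSTED = {"0x" + "11" * 20}  # constructed; stands in for a verified marketplace
UNKNOWN = "0x" + "ab" * 20    # constructed; stands in for an unverified contract

if __name__ == "__main__":
    for flag in (1, 0):  # grant, then revoke, for the unverified address
        print(review_calldata(encode(SET_APPROVAL_FOR_ALL, UNKNOWN, flag), TRUSTED))
```

A "block" verdict means the transaction would let an address you have not verified move your tokens; "unknown" is not a clearance, only a statement that the calldata is not one of the two approval calls.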

 

 
