A phishing attack has resulted in 254 NFTs, worth $1.7 million in Ethereum cryptocurrency, being taken from 32 OpenSea users.
Non-Fungible Tokens (NFTs) are all the rage right now. They represent a certificate of ownership of a piece of digital media via the blockchain, which functions as a digital ledger. However, the blockchain doesn’t mean people can’t be swindled out of their NFTs.
Phishing happens when an attacker sends out a fraudulent message designed to trick a human victim into revealing sensitive information, such as login credentials, passwords, or credit card information.
In this case, the attacker found a way to maliciously use the flexibility of the Wyvern Protocol, which underpins several crypto commerce platforms such as OpenSea, believed to be the largest NFT marketplace in the world.
The approach is thought to have worked by making the users sign a partial contract on February 19. This malicious contract was then completed by the attacker, giving them ownership of the NFTs – including some from Decentraland and Bored Ape Yacht Club. After this, the attacker could sell them on.
As reported by Molly White of “Web3 is going great” Blog, the attacker returned some NFTs to the original owners and even compensated one victim with 50 Ethereum ($130,000). White reported that the attacker transferred 1,115 ETH ($ 2.9 million) obtained from the attack.
[h/t: Business Insider]