As the non-fungible token (NFT) industry grows, so do the number of attempted scams. Now, a new type of hack involving the OpenSea platform’s auction functionality is threatening NFT holders
NFTs threatened by hacks
If there is one activity that keeps on renewing itself, it is hacking. New types of attacks are continually emerging in the Web3 and hackers are becoming more inventive in tricking users out of their funds.
A new scam has just emerged and seems to threaten non-fungible token (NFT) holders and users of the OpenSea platform. Harpie, a company offering firewalls against hacks, has revealed the details of this hacking technique.
Hackers have been able to steal NFTs like magic with a little-known OpenSea feature. It’s the newest hack, and multiple millions in Apes have been lost to it already.
(1/4) pic.twitter.com/fTK20WQrgh
– Harpie (@harpieio) December 22, 2022
In short, this scam uses a little-known feature of OpenSea, which allows users of the platform to set up auctions without gas charges. To do so, they simply need to sign an approval transaction, the message of which then appears unreadable (see the image attached to the tweet).
So the scammer simply creates a phishing website to lure his prey and asks them to connect their wallet. Except that in reality, the signature that the user validates does not allow them to identify themselves but to approve the auction of the NFTs in their wallet for 0 Ether (ETH).
If the trapped individuals accept this transaction, they risk losing all their NFTs which will be immediately sent to the hacker’s wallet. At the time of writing, 14 Bored Ape (BAYC) have been stolen in this way.
