With the increasing popularity of digital assets, there has been substantial fear of their exploitation by malicious actors.
The non-fungible tokens (NFTs) have become more popular, and with that, there are frequent incidents of their exploitation by bad actors who have become more active these days.
In a recent revelation, it has been found that a new hack involving a new feature on the NFT marketplace OpenSea threatens NFT holders via phishing sites.
An anti-theft project named Harpie, in a recent announcement, has warned NFT users of a new hack involving gasless sales on the OpenSea platform. As per Harpie’s announcement, hackers have been able to steal millions of digital assets by exploiting the said feature.
Sources reveal that when users want to conduct gasless sales within the OpenSea platform, they must approve a signature request with an unreadable message. Not only that, but it also allows users to create private auctions with unreadable signatures.
With this feature rolling, phishing websites have been using it to ask their potential targets to sign one of these unreadable messages.
According to Harpie, the signature is essential to log in and access the website. However, the login messages are signature requests to conduct a private sale of the victim’s NFTs to the scanner for zero Ethereum. It will send the NFTs to the hacker’s wallet address if signed.
The crimes in the digital assets sector have been consistently increasing. Recently, CertiK, a blockchain security company, has also warned the crypto community over what they describe as “ice phishing.”
Through this exploit, scammers trick Web3 users into signing permissions that allow the attackers to spend their tokens. CertiK also noted that the scam is a significant and unique threat to the Web3 world.
On December 17, an analyst also uncovered how a scammer allegedly used the gas-less Seaport signature to steal 14 Bored Ape NFTs. After performing social engineering, the hacker directed the victim to a fake NFT platform before asking the holder to sign a contract. This ultimately led to the victim’s wallet being drained.
Todayq News reported an incident in July, one of the biggest NFT attacks this year. The hackers broke into the well-known NFT registration platform Premint on Sunday and made off with 320 stolen NFTs and more than $400,000 in profit. The hackers sold all 320 of the stolen NFTs on Sunday for 275 ETH, or maybe just over $400,000.