Over the weekend, a hacker stole NFTs worth millions of dollars worth from OpenSea users. The development spread concerns regarding the importance of security in Web3.
On Feb. 19, various OpenSea users said their wallets had been robbed of valuable NFTs. The total value of the robbery was estimated at about $3 million. OpenSea said it believed the cause was a phishing attack from outside of OpenSea.
According to media reports, the attack targeted 32 users. They were lured into clicking scam links to sign a smart contract that gave permission for their tokens to be transferred to another wallet. The hacker was able to rob over 250 NFTs in a matter of hours.
It merits mentioning that OpenSea makes use of off-chain signs to execute gasless trade. They can be executed, which means that users do not need to be connected for an NFT order. It’s thought that the hacker got the victims signing transactions with Wyvern, an exchange protocol used by OpenSea.
The incident highlights the surging need for exercising caution while signing smart contract transactions. The development also serves as a reminder of the threats in every corner of Web3 and the need for users to educate themselves about the risks within the landscape. To combat the risks of falling victim to attacks, there are various steps active Web3 users can lock to protect themselves.
It is necessary to know the permissions associated with a crypto wallet. According to experts, phishing attacks are a primary concern because signing a malicious signature may cause the loss of every NFT in a wallet.
Users need to be careful when interacting with suspicious contracts or signing off-chain messages. In link with the OpenSea incident, many reports of phishing email campaigns have come to light. It is thought that hackers have found ways of sending emails that appear to resemble prominent email domains. Thus, users should be wary of emails that demand a transaction from Web3 wallets.