{"id":407875,"date":"2022-02-20T07:43:35","date_gmt":"2022-02-20T04:43:35","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/opensea-planned-upgrade-stalls-as-phishing-attack-targets-nft-migration\/"},"modified":"2022-02-20T07:43:35","modified_gmt":"2022-02-20T04:43:35","slug":"opensea-planned-upgrade-stalls-as-phishing-attack-targets-nft-migration","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/opensea-planned-upgrade-stalls-as-phishing-attack-targets-nft-migration\/","title":{"rendered":"# OpenSea planned upgrade stalls as phishing attack targets NFT migration"},"content":{"rendered":"<p>&#8220;<strong># OpenSea planned upgrade stalls as phishing attack targets NFT migration <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDIvMzBmOWZmMWQtMDlhZC00M2IwLTk0N2ItZDU4MjM5NGY0ZjY4LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users that don&#8217;t migrate over from Ethereum risk losing their old, inactive listings \u2014 which currently require no gas fees for migration. <\/p>\n<p>Major nonfungible token (NFT) marketplace OpenSea has reportedly fallen victim to an ongoing phishing attack within hours after announcing a week-long planned upgrade to delist inactive NFTs on the platform.\u00a0<\/p>\n<p>However, the urgency and short deadline opened up a small window of opportunity for hackers. Within hours after OpenSea\u2019s upgrade announcement, reports across multiple sources emerged about an ongoing attack that targets the soon-to-be-delisted NFTs.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">OPENSEA EXPLOITED Everyone tag <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/opensea?ref_src=twsrc%5Etfw\">@opensea<\/a> to get them to pause their new contract while everyone figures out whats going on with the exploit! <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/NFT?src=hash&amp;ref_src=twsrc%5Etfw\">#NFT<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/NFTs?src=hash&amp;ref_src=twsrc%5Etfw\">#NFTs<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/NFTTheft?src=hash&amp;ref_src=twsrc%5Etfw\">#NFTTheft<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/NFTScam?src=hash&amp;ref_src=twsrc%5Etfw\">#NFTScam<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/NFTSecurity?src=hash&amp;ref_src=twsrc%5Etfw\">#NFTSecurity<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/NFTAlert?src=hash&amp;ref_src=twsrc%5Etfw\">#NFTAlert<\/a><\/p>\n<p>\u2014 gt_dog (@gt_dog84) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/gt_dog84\/status\/1495193670324305921?ref_src=twsrc%5Etfw\">February 20, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nFurther investigations revealed that attackers used phishing emails to steal the NFTs before they get migrated over OpenSea\u2019s new smart contract. Once a user authorizes the NFT migration from the fraudulent email, the attackers gain access to the NFTs.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Though unconfirmed, the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/opensea?ref_src=twsrc%5Etfw\">@opensea<\/a> hack is most likely phishing. Users authorize the &#8220;migration&#8221; as instructed in the phishing email and the authorization unfortunately allows the hacker to steal the valuable NFTs&#8230; <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/Fj5d9ImC2r\">pic.twitter.com\/Fj5d9ImC2r<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/peckshield\/status\/1495211650860785665?ref_src=twsrc%5Etfw\">February 20, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Users are now advised to be wary of all communications from OpenSea in addition to revoking all permissions about the migration to the new smart contract.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ears to be a phishing attack originating outside of OpenSea&#8217;s website. Do not click links outside of <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/3qvMZjxmDB\">https:\/\/t.co\/3qvMZjxmDB<\/a>.<\/p>\n<p>\u2014 OpenSea (@opensea) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/opensea\/status\/1495211277097996290?ref_src=twsrc%5Etfw\">February 20, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>OpenSea co-founder and CEO Devin Finzer acknowledged the phishing attack while confirming that 32 users have lost NFTs so far. While the NFT marketplace is yet to decipher the ongoing attack, blockchain investigator Peckshield suspects a possible leak of user information (including email ids) that fuels the ongoing phishing attack.<\/p>\n<p>However, Finzer has asked affected users to reach out to the company as he concluded: <\/p>\n<blockquote><p>\u201cIf you are concerned and want to protect yourself, you can un-approve access to your NFT collection.\u201d<\/p><\/blockquote>\n<p><strong>Related: <\/strong><strong><em>UK tax authority makes first NFT seizure in VAT fraud case<\/em><\/strong><\/p>\n<p>Her Majesty\u2019s Revenue and Customs (HMRC), the chief tax authority in the United Kingdom, seized three NFTs associated with a suspected tax evasion fraud.<\/p>\n<p>As Cointelegraph reported, the suspects used fake identities and created 250 fake \u201cshell\u201d companies to evade 1.4 million British pounds (roughly $1.8 million) in value-added taxes.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/p>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/opensea-planned-upgrade-stalls-as-phishing-attack-targets-nft-migration\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# OpenSea planned upgrade stalls as phishing attack targets NFT migration &#8221; Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users that don&#8217;t migrate over from Ethereum risk losing their old,&#8230;<\/p>\n","protected":false},"author":1,"featured_media":407876,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDIvMzBmOWZmMWQtMDlhZC00M2IwLTk0N2ItZDU4MjM5NGY0ZjY4LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74863,74891,74882,95118,103657,74355,74714,70944,86389],"class_list":["post-407875","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-cryptocurrencies","tag-ethereum","tag-hacks","tag-nft","tag-upgrade","tag-adoption","tag-email","tag-hackers","tag-marketplace"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/407875","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=407875"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/407875\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/407876"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=407875"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=407875"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=407875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}