New Exploit Found in Old OpenSea Contract Could Lead to User NFT Theft

Pocket Universe tweeted that a new exploit has been discovered in an old OpenSea contract that could lead to the theft of user NFTs. The founder of SlowMist said that the exploit calls the upgradeTo function of the target contract 0xE0c.... .7b4e of the upgradeTo function, which is part of: OwnableDelegateProxy of OpenSea Wyvern Protocol.

If the target user confirms the wallet pop-up box, upgradeTo is called to change the default assigned implementation address to the phisher's own malicious contract address. The phisher then steals the target user's previously listed NFTs on OpenSea (before May 2022) through the malicious contract.

Source

OpenSea

NFT

Security Incidents

Related News
Bybit hackers move over half the stolen ETH onto Bitcoin, largely using ThorChain Bybit hackers move over half the stolen ETH onto Bitcoin, largely using ThorChain
Stablecoin neobank Infini exploited for $49 million: security analysts Stablecoin neobank Infini exploited for $49 million: security analysts
Sony’s Soneium debuts its first music NFT collection with crypto record label Sony’s Soneium debuts its first music NFT collection with crypto record label
NoOnes CEO Ray Youssef discloses $8 million exploit weeks after the fact, confirming crypto sleuth ZachXBT's investigation NoOnes CEO Ray Youssef discloses $8 million exploit weeks after the fact, confirming crypto sleuth ZachXBT's investigation
Arbitrum, Azuki-backed Animecoin unveils tokenomics with over 50% community allocation Arbitrum, Azuki-backed Animecoin unveils tokenomics with over 50% community allocation
Latest News More More
14 Hours Ago 0xbow unveils ‘Privacy Pools,’ a new blockchain privacy tool drawing from Vitalik Buterin’s research
5 Days Ago Ethereum edges closer to deploying Pectra on mainnet with successful upgrade on Hoodi testnet
5 Days Ago MEXC Extends DEX+ Platform to Binance Smart Chain Users
March 25 Binance suspends employee for allegedly profiting off of insider information
March 25 BlackRock launches bitcoin ETP in Europe following US success
delate
Use TokenInsight App All Crypto Insights Are In Your Hands
Open