avatar

New Exploit Found in Old OpenSea Contract Could Lead to User NFT Theft

Pocket Universe tweeted that a new exploit has been discovered in an old OpenSea contract that could lead to the theft of user NFTs. The founder of SlowMist said that the exploit calls the upgradeTo function of the target contract 0xE0c.... .7b4e of the upgradeTo function, which is part of: OwnableDelegateProxy of OpenSea Wyvern Protocol.

If the target user confirms the wallet pop-up box, upgradeTo is called to change the default assigned implementation address to the phisher's own malicious contract address. The phisher then steals the target user's previously listed NFTs on OpenSea (before May 2022) through the malicious contract.

Source

OpenSea

NFT

Security Incidents

Related News
Arbitrum, Azuki-backed Animecoin unveils tokenomics with over 50% community allocation Arbitrum, Azuki-backed Animecoin unveils tokenomics with over 50% community allocation
Trump’s fourth NFT collection logs sales over $2 million, not tradable on secondary markets until 2025 Trump’s fourth NFT collection logs sales over $2 million, not tradable on secondary markets until 2025
Trump Says He’ll Release Fourth NFT Collection: 'The People Want Me to Do Another One' Trump Says He’ll Release Fourth NFT Collection: 'The People Want Me to Do Another One'
NFT sales fell 44% as crypto dipped, memecoins steal ‘mind share’ in Q2 NFT sales fell 44% as crypto dipped, memecoins steal ‘mind share’ in Q2
Enforcement of South Korean virtual assets law prescribed in decree Enforcement of South Korean virtual assets law prescribed in decree
Latest News More More
8 Hours Ago Sky’s lending subDAO Spark targets up to $1.1 billion in direct exposure to Ethena’s USDe and sUSDe tokens
1 Day Ago Sony’s Layer-2 Blockchain 'Soneium' Goes Live
1 Day Ago Japan’s Remixpoint buys 33.3 additional bitcoin, boosting holdings to nearly $32 million
2 Days Ago Singapore bans Polymarket amid national crackdown on online gambling sites
5 Days Ago Mantra and Damac sign $1B deal to tokenize Middle Eastern assets

About TokenInsight

Services

Products

Support

Google Play
Google Play
Google Play
2018 – 2023 © TokenInsight Ltd. All rights reserved
Disclaimer Terms of Service Privacy Policy
delate
Use TokenInsight App All Crypto Insights Are In Your Hands
Open