avatar

New Exploit Found in Old OpenSea Contract Could Lead to User NFT Theft

Pocket Universe tweeted that a new exploit has been discovered in an old OpenSea contract that could lead to the theft of user NFTs. The founder of SlowMist said that the exploit calls the upgradeTo function of the target contract 0xE0c.... .7b4e of the upgradeTo function, which is part of: OwnableDelegateProxy of OpenSea Wyvern Protocol.

If the target user confirms the wallet pop-up box, upgradeTo is called to change the default assigned implementation address to the phisher's own malicious contract address. The phisher then steals the target user's previously listed NFTs on OpenSea (before May 2022) through the malicious contract.

Source

OpenSea

NFT

Security Incidents

Related News
Quantum Cats NFT floor price plunges 54% post-Taproot Wizards mint Quantum Cats NFT floor price plunges 54% post-Taproot Wizards mint
Blur’s decline fuels OpenSea’s market share surge amid broader NFT struggles Blur’s decline fuels OpenSea’s market share surge amid broader NFT struggles
Bybit hackers move over half the stolen ETH onto Bitcoin, largely using ThorChain Bybit hackers move over half the stolen ETH onto Bitcoin, largely using ThorChain
Stablecoin neobank Infini exploited for $49 million: security analysts Stablecoin neobank Infini exploited for $49 million: security analysts
Sony’s Soneium debuts its first music NFT collection with crypto record label Sony’s Soneium debuts its first music NFT collection with crypto record label
Latest News More More
2 Hours Ago Ethereum community plans onchain ‘time capsule’ to mark 10th anniversary of network’s genesis block
5 Days Ago Circle's post-IPO stock surge pushes market cap near Coinbase and USDC
June 20 Kraken offers bitcoin ‘staking’ yield via Babylon without wrapping or lending
June 17 Trump makes over $57 million from WLFI sales, Truth Social files for Bitcoin and Ethereum combo ETF, and more
June 13 XRP Ledger adopts USDC one week after Circle goes public

About TokenInsight

Services

Products

Support

Google Play
Google Play
Google Play
2018 – 2023 © TokenInsight Ltd. All rights reserved
Disclaimer Terms of Service Privacy Policy
delate
Use TokenInsight App All Crypto Insights Are In Your Hands
Open