Hackers have been able to steal NFTs like magic with a little-known OpenSea feature
Harpie, which describes itself as the first on-chain firewall preventing hacks, scams, and theft, has issued a warning to all NFT fans.
In a Twitter thread, the company said that the “hackers have been able to steal NFTs like magic with a little-known OpenSea feature”, adding that it is the newest hack, which already resulted in multiple millions lost in Apes.
Source: Harpie’s Twitter
“The OpenSea contract allows for "gasless sales," where users can sell NFTs by signing an unreadable message like the one above. Here's the catch: you can also set up ⚠️private auctions with custom prices⚠️ with these unreadable signatures. Phishing websites will ask victims to sign a harmless-looking "login signature" to access their site. But this login signature is actually a request to private-sale your NFT for 0 ETH to the hacker's address,” the company says.
It adds that it has come up with a solution to fix this problem.
On Dec.17, an analyst reported that a scammer used the gas-less Seaport signature feature to allegedly steal 14 Bored Ape NFTs.
Scams are nothing new in the crypto world.
GNCrypto has been extensively covering scams in the crypto domain and has recently analyzed Trump’s latest NFT collection, sold on Dec.15, asking whether it is a scam.
Meanwhile, the co-founder of OneCoin Karl Greenwood, a citizen of Sweden and the U.K. who was extradited to the U.S. in 2018, pleaded guilty to one count of conspiracy to commit wire fraud, one count of wire fraud, and one count of conspiracy to commit money laundering on Friday.