New Hacking Method Scares Web 3.0 Users: How to Avoid it
Non-Fungible Tokens (NFTs) became an internet sensation back in 2021. With prices skyrocketing and new projects constantly arriving all the time, it quickly became the easiest target for hackers.
On 22 December 2022, the anti-theft company, Harpie, announced the latest hacking method that resulted in multiple millions of Apes being stolen from their owners’ wallets. The method involved gasless sales on the OpenSea platform.
The platform allows users to conduct gasless sales by signing an unreadable message. With this feature, private auctions with custom prices are also allowed. Hackers take advantage of this feature using phishing websites and asking the NFT seller to sign one of these unreadable messages to enter the website.
However, the requests are actually signature approvals for selling the NFTs to the hackers’ wallets for 0 ETH. Thankfully, Harpie announced they were able to detect these private auction scams before they hacked more people’s wallets.
The blockchain security company, CertiK, issued a warning to the crypto community that, alongside private auction scams, these “ice phishing” scams are a legitimate threat to Web 3.0 users.
CertiK has recommended using a token approval tool and a blockchain explorer site, such as Etherscan, to disallow a transaction when the address provided is not recognized. Also, users should interact with official sites like CoinMarketCap, so that they can verify and check website URL links to ensure legitimacy.
twitter.com twitter.com, cointelegraph.com
analyst opinion
Diego Kebork
On 22 December 2022, the anti-theft company, Harpie, announced the latest hacking method that resulted in multiple millions of Apes being stolen from their owners’ wallets. The method involved gasless sales on the OpenSea platform.
The platform allows users to conduct gasless sales by signing an unreadable message. With this feature, private auctions with custom prices are also allowed. Hackers take advantage of this feature using phishing websites and asking the NFT seller to sign one of these unreadable messages to enter the website.
However, the requests are actually signature approvals for selling the NFTs to the hackers’ wallets for 0 ETH. Thankfully, Harpie announced they were able to detect these private auction scams before they hacked more people’s wallets.
The blockchain security company, CertiK, issued a warning to the crypto community that, alongside private auction scams, these “ice phishing” scams are a legitimate threat to Web 3.0 users.
CertiK has recommended using a token approval tool and a blockchain explorer site, such as Etherscan, to disallow a transaction when the address provided is not recognized. Also, users should interact with official sites like CoinMarketCap, so that they can verify and check website URL links to ensure legitimacy.
twitter.com twitter.com, cointelegraph.com
Previous
Next
