OpenSea has experienced a phishing scam. Such an attack hooked over 640 ETH in assets from 32 users with the label Fake_Phishing5169.
The OpenSea phishing attack has a lesson learned to us. Should we still want a company to provide free service for us or should we find another alternative who can really provide free service in Web3 vision?
It appears that Wyvern contract is a loophole for attackers to enter previously saved transfer calldata and token addresses to steal creators’ NFTs without actually signing from their own wallet.
No to mention that OpenSea is in the process of migrating their listings from the old contract to a new contract Wyvern 2.3 to prevent a different type of exploit.
Not Connected to Website
The CEO insisted that their website has no flaw but others disagreed to point out the flaw in their code.
OpenSea NFT Marketplace
Many people may think OpenSea is a decentralized NFT marketplace. It is more than just an NFT marketplace. OpenSea was planning to IPO recently and they compared themselves to Web2 companies like Lyft. They even recruited Lyft to become their first CFO to prepare an IPO. Such moves bring the company backward into Web2 rather than Web3 company. The recent phishing attack makes it worse. People wonder if it is still a place to list their NFTs or possible to find another place to list new NFTs.
The OpenSea phishing attack is a warning to investors and crypto enthusiasts. If the company cannot admit their error, how can they provide service to their customers as Web3 company should do?
Check out my another article DAO The Way Part 11