Nuked A spreadsheet compiled by peckshield counted 254 tokens stolen over the course of the attack. It included tokens from decentraland and bored ape yacht club.
The bulk of the attacks took place between 5pm and 8pm ET, targeting 32 users. Molly white, who runs the blog Web3 is going great, estimated the value of the stolen tokens at more than $ 1.7 million.
Attackers signed a partial contract, with a general authorization and large parts left blank. With the signature in place, attackers completed the contract with a call to their own contract, which transferred ownership of the nfts without payment.
‘they all have valid signatures from the people who lost nfts so anyone claiming they did n’t get phished but lost nfts is sadly wrong’.
Opensea provides a simple interface for users to list, browse, and bid on tokens without interacting directly with the blockchain. That success has come with significant security issues, as the company has struggled with attacks that leveraged old contracts or poisoned tokens.
Opensea was in the process of updating its contract system when the attack took place. But opensea has denied that the attack originated with the new contracts.
The rapid pace of the attack – hundreds of transactions in a matter of hours – suggests some common tool of attack. opensea CEO Devin Finzer said the attacks had not originated from opensea’s website, its various listing systems, or emails from the company.
