Entrepreneur Kevin Rose has announced that he lost $1.4 million in a phishing attack targeting OpenSea and NFTs, called “Seaport Signature”. Let’s look at this type of scam and how to prevent it?
https://cryptoast.fr/1-4-million-dollars-nft-derobes-eviter-attacks-phishing/
A $1.4 million hack
This Wednesday, January 25, the famous Kevin Rose has announced that he was the victim of a phishing attackhaving led the loss of $1.4 million in non-fungible tokens (NFT).
With over 1.6 million Twitter followers, he is known for being the head of the Proof podcast, from the collection of NFT Moonbirds and venture capital fund True Ventures. He quickly reacted on Twitter:
I was just hacked, stay tuned for details – please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) …
— KΞVIN R◎SE (🪹,🦉) (@kevinrose) January 25, 2023
As evidenced by its portfolio history on OpenSea, the victim allegedly lost 40 NFTs from various collections such as Autoglyph, Cool Cats or OnChainMonkey. The tokens were sent directly to the attacker’s wallet and offered for sale on the platform.
Thanks to his influence, Kevin Rose was able to get help from the OpenSea team, which froze the NFTs concerned and prevented them from being sold on its marketplace. However, they are still salable on other platforms such as LooksRare or Rarible.
👉 All about NFTs or non-fungible tokens
Buy NFTs on Binance
Discover Binance’s NFT Marketplace 🔥
How to avoid these phishing attacks?
Several experts, like the French from Nefture Security, looked into the situation and declared that this attack was of the “Seaport Signature” type. The context of this signature was not given, but it is clear that the site was malicious and built solely to lure victims. Let’s see together what this is and how you can try to protect yourself from it?
Concretely, this type of attack allows a scammer to make his victim think he is signing an endorsement transaction classic, when in reality it grants the right to list an NFT on the OpenSea marketplace. Here is an example of a signature, presented by Nefture in its explanatory thread of the Kevin Rose case:
🔹SeaPort’s intricate signature structure makes it possible for a scammer to trick an inexperienced user into signing a malicious listing on @opensea through a phishing website.
Signing it leads to your wallet being drained
How it works👇 pic.twitter.com/y1i2dKN4fW
— Nefture Security – First private beta batch LIVE (@Nefture) January 25, 2023
Seaport type signatures are a bit special since they allow you to move your tokens from one wallet to another, based on a previous approval signature you gave to OpenSea. Thus, the scammer gets all the rights to sell or transfer your NFT for free.
To protect yourself, it is therefore important to be extremely vigilant when you see a Seaport-type trust signature appear. Check that you are on an official site and find out about the usefulness of this signature. Moreover, if you are on a mint page, so never sign this type of endorsement.
Finally, we’ve featured it many times, but feel free to use the Revoke Cash website to revoke the rights you granted to OpenSea.
👉 Cryptoast’s 1st NFT collection released
Cryptoast launches its 1st collection of NFTs
NFTs associated with a collector paper journal 🔥
Sources: OpenSea, Revoke Cash
Newsletter 🍞
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.
Journalist for Cryptoast, I strive to dissect every detail of the exciting world of cryptocurrencies and make it accessible and understandable to as many people as possible.
Lilian Aliaga
331 items
