New Exploit Found in Old OpenSea Contract Could Lead to User NFT Theft

Oct 28,2022,17:00

Pocket Universe tweeted that a new exploit has been discovered in an old OpenSea contract that could lead to the theft of user NFTs. The founder of SlowMist said that the exploit calls the upgradeTo function of the target contract 0xE0c.... .7b4e of the upgradeTo function, which is part of: OwnableDelegateProxy of OpenSea Wyvern Protocol.

If the target user confirms the wallet pop-up box, upgradeTo is called to change the default assigned implementation address to the phisher's own malicious contract address. The phisher then steals the target user's previously listed NFTs on OpenSea (before May 2022) through the malicious contract.

Source

Disclaimer: This platform includes third party opinions. We do not endorse their accuracy. Digital asset prices can be volatile. Do your own insights. See full terms here

LastData: CLONE X 24 Hours Trading Volume Up 168.56%Data: CLONE X 24 Hours Trading Volume Up 168.56%Data: CLONE X 24 Hours Trading Volume Up 168.56%Data: CLONE X 24 Hours Trading Volume Up 168.56%Data: CLONE X 24 Hours Trading Volume Up 168.56%Data: CLONE X 24 Hours Trading Volume Up 168.56%Data: CLONE X 24 Hours Trading Volume Up 168.56%Data: CLONE X 24 Hours Trading Volume Up 168.56%Data: CLONE X 24 Hours Trading Volume Up 168.56%Data: CLONE X 24 Hours Trading Volume Up 168.56%