Category: OpenSea

$790,000 Worth of Rare Bear NFTs Stolen in Brazen Phishing Attack

Post author By Jana Serfontein
Post date March 19, 2022

Members of the Rare Bears NFT community woke on March 16 to find it had lost assets to the tune of US$790,000 due to a phishing scam. According to the team, weakened security of its Discord group allowed a perpetrator to spread a phishing link.

Rare Bear is a collection of 2,400 NFTs of cartoon-themed bears built atop the Ethereum blockchain. It was launched via a public mint last week and created by a New-Zealand-based digital artist called Enox.

Attacker Poses as Moderator

The phishing attack took place when an unknown person gained unauthorised access to the project’s Discord server, posing as an official moderator. There, the attacker was able to share a phishing link designed to steal people’s funds. The project took to Twitter to inform its community:

🚨 Warning 🚨@BearsRare
Discord has unfortunately been compromised. Please DO NOT click any links, connect your wallet and block all incoming DMs in our discord. Our team are working on the situation as we speak 🙏🏼
— Rare Bears (@BearsRare) March 17, 2022

The attacker shared a message saying there was a new NFT mint, and then provided a link to a phishing site. Another user known as “steldes” on Twitter posted a screenshot of the phony announcement on the Discord server, with the scammer named Zhodan.

Malicious Smart Contract Allows Control Over Wallets

The fake announcement informed members of an additional 1,000 rare NFTs being added to the collection at a mint price of 0.1 ETH, or US$280. The website hosted a malicious smart contract that, when interacted with, allowed control over the victims’ wallets. As a result the hacker stole 179 NFTs and other assets belonging to everyone who participated in the mint:

Thats y I minted 2 bears! All because It is shown in your discord announcement, it is not from direct message that i minted. We want Reimburse. pic.twitter.com/dDJ4HACoYK
— steldes (🚀,🚀) (@steldes) March 17, 2022

The hacker then moved the assets to their Ethereum address. Soon after, most NFTs were sold one by one to the tune of 286 ETH, amounting to US$790,000. Exactly 213 ETH of the total was routed through mixing service Tornado Cash and 72.3 ETH was sent across three wallets:

Got scammed and lost 0.3 eth and a 0.3 rare bare
— Nathan Rayburn (@RayburnNathan) March 17, 2022

Phishing Scams Rife in NFT Space

Due to the unregulated nature of the digital asset space, scams are an all too often occurrence, targeting NFTs heavily. A popular method of stealing NFTs is via phishing attacks. In January, a Bored Ape collector lost NFTs worth a whopping US$2.2 million. OpenSea also experienced a phishing scam in February in which at least US$3 million worth of NFTs were stolen.

Crypto News MetaMask NFTs OpenSea Russia

OpenSea Updates Banned Countries List, Sparking Decentralisation Debate

Post author By Jana Serfontein
Post date March 8, 2022

OpenSea, the world’s largest NFT marketplace, has updated its list of banned countries according to the US sanctions list and has many bringing up the issue of decentralisation.

We’re truly sorry to the artists & creators that are impacted, but OpenSea is subject to strict policies around sanctions law. We're a US-based company and comply with US sanctions law, meaning we're required to block people in places on the US sanctions lists from using OpenSea
— OpenSea (@opensea) March 3, 2022

US-based OpenSea has reportedly begun barring Iranian users from its platform, which has led to outrage from NFT collectors and sparked a fresh debate regarding decentralisation in the crypto space. The list has expanded since last week, adding Iran to the list after only users in separatist areas of Ukraine were banned, along with users from Venezuela who were added to the list in error.

The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the US.
US Office of Foreign Assets Control

Iranian Artist Vents to 4,700 Followers

Last week, Iranian users of OpenSea woke up and started posting on Twitter that their accounts had been deactivated or deleted without prior warning from the platform. “Bornosor”, an NFT artist from Iran, vented his frustrations to 4,700 followers in a tweet that gained traction very swiftly, garnering 342 retweets and 1,000+ likes within just a few hours:

NOT A gm AT ALL

Woke up to my @opensea trading account being deactivated/deleted without notice or any explanation, hearing lots of similar reports from other Iranian artists & collectors.
What the hell is going on?
Is OS straight up purging its users based on their country now?
— Bornosor.eth (@Bornosor) March 3, 2022

According to an OpenSea spokesperson, OpenSea reserves the right to block users based on sanctions:

“Our terms of service explicitly prohibit sanctioned users or users in sanctioned territories from using our services. We have a zero-tolerance policy for the use of our services by sanctioned individuals or entities and people located in sanctioned countries. If we find individuals to be in violation of our sanctions policy, we take swift action to ban the associated accounts.”

As it stands, current US sanctions outline that American companies are not allowed to provide goods or services to any users based in countries on the sanctions list, including Iran, North Korea, Syria, and now also Russia:

I saw #OpenSea and #Metamask blacklisting and shutting down users on the sanction list.(countries like Iran, Cuba, Syria and so on)
This was not the decentralized system!
This was not the deal!
— Khashayar sharifaee (@sharifaee) March 3, 2022

Actions from OpenSea Provoke Decentralisation Debate

The actions taken by OpenSea have fostered new debates about whether large blockchain-based firms and services are adequately decentralised, with the MetaMask wallet joining in on enforcing sanctions:

MetaMask is a client-side wallet that strives to make the blockchain maximally accessible to everyone. Infura had a misconfiguration this morning, but it has been corrected now. https://t.co/CYAhvGunHo
— MetaMask 🦊💙 (@MetaMask) March 3, 2022

According to MetaMask’s Twitter account, Venezuelan users were accidentally banned from accessing their wallets after blockchain development company Infura inadvertently broadened the scope of its sanctions to the South American country.

Crypto News Ethereum MetaMask NFTs OpenSea

OpenSea and MetaMask Block Users from ‘Some’ Countries

Post author By Jana Serfontein
Post date March 5, 2022

MetaMask wallet and OpenSea users from Iran and Venezuela have been blocked in Ethereum transactions after the platforms cited compliance issues. It was later confirmed that Ethereum’s Infura cut off users to separatist areas in Ukraine, accidentally blocking Venezuelan users as well.

Not only @opensea
But MetaMask itself is also BANNING every wallet associated with an Iranian IP address.

🚨 THIS IS NOT A DRILL 🚨

Iranian People are losing access to their NON CUSTODIAL Wallets with this update.
This is UNACCEPTABLE! pic.twitter.com/qDEBcezJba
— Bornosor.eth (@Bornosor) March 3, 2022

Users in Iran and Venezuela began reporting problems this week with accessing their digital wallets, with hordes of users saying none of their transactions sent through MetaMask was realised.

The first instances of bans were noticed on the NFT platform OpenSea, which reportedly locked and deactivated several Iranian users. Users from Venezuela began reporting problems with accessing their own wallets soon after, with thousands of messages popping up on social media.

The issue was briefly addressed by MetaMask on its support page, saying that MetaMask and Infura would be unavailable in certain jurisdictions due to legal compliance issues. When attempting to use MetaMask in one of those regions, users received a message stating that MetaMask was unable to connect to the blockchain host.

In response to the concerns we have been hearing, we want everyone to know that we corrected the problem that so many of you have pointed out. In changing some configurations as a result of the new sanctions directives from the United States and other jurisdictions, we
— Infura (@infura_io) March 3, 2022

While users were able to see their MetaMask balances and transaction histories, any attempt to interact with the Ethereum network was blocked, meaning that the ban stemmed from Infura, the Ethereum API infrastructure developed by ConsenSys.

Iran Users Blocked from OpenSea

MetaMask and Infura are not alone. Reports are also circulating on social media of users from Iran being blocked on OpenSea:

Same! My verified collection with 218 ETH volume traded was just disappeared pic.twitter.com/IhJDuJZPuK
— Parin (@ParinHeidari) March 3, 2022

NFT artist Parin Heidari also reported that her NFT collection on OpenSea was showing 404s in response to the previous tweet.

These episodes follow a recent call from Ukraine’s Vice Prime Minister for crypto exchanges to block Russian users.

Ethereum Hackers OpenSea Polygon Solana

White Hat Hacker Reveals OpenSea Plans to Integrate Solana NFTs

Post author By Jana Serfontein
Post date March 5, 2022

Images allegedly leaked from the leading NFT marketplace, OpenSea, indicate that the platform may soon introduce Solana-based NFTs. The images were discovered by tech blogger Jane Manchun Wong, well known for leaking information about yet-to-be-released features from specific technology platforms:

https://twitter.com/wongmjane/status/1486072506532626432

OpenSea is the market leader when it comes to NFTs and, as it stands, supports both the Ethereum and Polygon blockchain networks. Since its inception, OpenSea has recorded about US$22.73 billion in NFT sales, with 1,358,052 traders leveraging the platform.

Wong Gets It Right Again?

Wong, who in December was also first to report that Twitter would integrate Ethereum into ‘Tip Jar’, tweeted in January that “OpenSea is working on Solana integration, as well as Phantom wallet support”. She added: “OpenSea’s Chains Filter [shows] Solana as an option.”

https://twitter.com/wongmjane/status/1486077324630302721

This discovery is not the first time rumours of OpenSea adding Solana features have surfaced. The animator and Solana advocate @bhaleyart tweeted a similar image of OpenSea’s blockchain filter in mid-November:

Probably nothing ☕️ #opensea #Solana #NFTs pic.twitter.com/UxsgdD2uxN
— B.Haley💰SOL (@bhaleyart) November 14, 2021

White Hat Hackers to the Rescue

White hat hackers, also known as ethical hackers, have been widely active of late in the crypto space. Apart from leaking information, they have saved many companies from attacks. Just a couple of weeks ago, a white hat hacker chose to accept a US$2 million bounty instead of “printing unlimited Ethereum”.