The anti-theft project Harpie has warned NFT users about a new hack related to sales without charging gas on the OpenSea platform. It is claimed that by using this feature, hackers were able to steal millions of dollars' worth of digital assets from users of the site.
Hackers were able to steal NFT using a little-known OpenSea function. This is the newest trick, and several million monkeys have already been lost because of it.
When users conduct so-called gas-free sales on the OpenSea platform, they must approve a signature request with an unreadable message. With this feature, users can also create private auctions with unreadable signatures.
For this reason, phishing sites use this feature to get their victims to sign one of these unreadable messages. Signatures often replace the entrance to the personal account on the site.
However, in fact, they are signature requests for the private sale of NFT to a fraudster for 0 ethers. After signing, the NFT is sent to the hacker's wallet.
Recently, CertiK, a blockchain security company, warned the crypto community about the so-called "ice phishing".
With this vulnerability, scammers trick Web3 users into signing permissions that allow attackers to spend their tokens. CertiK noted that fraud poses a serious threat and is unique to the Web3 world.