There is a rumor brewing that OpenSea, world’s most popular NFT website has been hacked. Many thinking OpenSea has churned out new contracts, but it’s just a phishing attempt at making you give permissions on phishing website.
One twitter user claims OpenSea is lying and there’s infact a vulnerability that does allow hacker to steal NFTs.
Just like that… one line of code and all your jpegs are gone 🤣
There is no need to scramble and use untrusted / unknown revoking DAPPs if you didn’t interact with phishing email sent ~30 days ago. This is the perfect time for a scammer to introduce a site that actually makes you do the opposite of revoke.
However, if you have a hot wallet that interacts with smart contracts or a cold wallet with some NFTs, it is advisable that you remoke permissions of all websites just to be on safe side.
This OpenSea hack sounds similar to one of the attacks a while back where the adversary used a FE flaw to make their contract appear verified as part of a wider attack. For bonus points, sell the NFT below floor to yourself and lose nothing.