- Pocket Universe has warned against a new exploit on the OpenSea contract.
- A detailed guide regarding the harm, how the exploit works and how to stay alert & safe has been issued.
- More details regarding the warning will be shared soon by Pocket Universe.
According to Pocket Universe, a new exploit is being used to steal users’ NFTs through the old OpenSea contract. Anyone who signs the transaction involved could see their wallet drained to zero.
A new exploit on the old Opensea contract is being used to steal your NFTs
Signing this innocent transaction could empty your wallet
Here’s a simple breakdown so you don’t lose everything
— Pocket Universe 🟣 (@PocketUniverseZ) October 28, 2022
The transaction checker has shared how to avoid losing anything.
By the end of this thread, you’ll understand
1. What could I lose?
2. How does it work?
3. How do I stay safe?
Let’s do it ↓
— Pocket Universe 🟣 (@PocketUniverseZ) October 28, 2022
Starting with what could be lost: any NFT that was listed on OpenSea before May 2022 is at risk of being drained from its owner’s wallet.
1. What could you lose? 💸
Well, it can drain any NFT that you’ve listed on Opensea from before May 2022
That’s before they updated to Seaport pic.twitter.com/8yMCytSjjz
— Pocket Universe 🟣 (@PocketUniverseZ) October 28, 2022
OpenSea used to rely on the Wyvern Protocol for matching orders. In that previous version of OpenSea, a user gave a proxy contract the authority to withdraw their non-fungible tokens. This is the basic ‘setApprovalForAll’ permission, so that proxy contract retains the right to withdraw all NFTs that were listed before May 2022.
The latest exploit tricks the user into signing a transaction that hands the attacker ownership of the proxy contract. With that ownership, the attacker can withdraw the user’s NFTs.
So that’s how it works.
This innocent transaction gives them ownership of your proxy contract with 0 warnings ⚠️
+ they make it look like a mint so you FOMO into signing
— Pocket Universe 🟣 (@PocketUniverseZ) October 28, 2022
So, how can you avoid this?
Luckily, there are three ways to stop this unfortunate situation from taking place.
First, read the transaction you are asked to sign. If anything in it says ‘upgrade to,’ treat it as a red flag.
Another way is to visit @RevokeCash and revoke the permissions granted to “Opensea (old).” Doing so costs gas for each collection that is revoked. It also means that the proxy contract no longer has the right to withdraw the assets.
The third and final way is to use @PocketUniverseZ. If you come across the exploit, a red warning popup appears.
The third way is using our tool @PocketUniverseZ
You’ll see this red warning popup if you come across this exploit
And we’ll make the warning more descriptive soon! pic.twitter.com/FVS5CB7J0G
— Pocket Universe 🟣 (@PocketUniverseZ) October 28, 2022
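The first check above (look for ‘upgrade to’ before signing) can be done on the raw transaction data, since a request dressed up as a mint still carries the real function selector. The following is an added example, not code from Pocket Universe, OpenSea or this article; it assumes ‘upgrade to’ corresponds to the standard `upgradeTo(address)` and `upgradeToAndCall(address,bytes)` selectors, and the names `inspectCalldata` and `WATCHED` and the sample address are hypothetical.

```javascript
// Added example (assumed names); selectors are the first 4 bytes of
// keccak256 over each standard Solidity signature.
const WATCHED = {
  '3659cfe6': { fn: 'upgradeTo(address)', kind: 'upgrade' },
  '4f1ef286': { fn: 'upgradeToAndCall(address,bytes)', kind: 'upgrade' },
  'a22cb465': { fn: 'setApprovalForAll(address,bool)', kind: 'approval' },
};

// Return the i-th 32-byte ABI word after the selector, or null if truncated.
function word(hex, i) {
  const w = hex.slice(8 + 64 * i, 72 + 64 * i);
  return w.length === 64 ? w : null;
}

function inspectCalldata(data) {
  const hex = String(data).replace(/^0x/i, '').toLowerCase();
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { verdict: 'unknown', reason: 'not hex or shorter than a selector' };
  }
  const hit = WATCHED[hex.slice(0, 8)];
  if (!hit) return { verdict: 'no-match', reason: 'selector not on the watch list' };
  const first = word(hex, 0);
  const flag = hit.kind === 'approval' ? word(hex, 1) : '';
  if (first === null || flag === null) {
    return { verdict: 'block', fn: hit.fn, reason: 'truncated arguments' };
  }
  const target = '0x' + first.slice(24); // an address is the low 20 bytes
  if (hit.kind === 'upgrade') {
    return { verdict: 'block', fn: hit.fn, target, reason: 'replaces the proxy implementation' };
  }
  return BigInt('0x' + flag) !== 0n
    ? { verdict: 'warn', fn: hit.fn, target, reason: 'grants rights over a whole collection' }
    : { verdict: 'ok', fn: hit.fn, target, reason: 'revokes operator rights' };
}

// Constructed sample calldata (the address is a placeholder, not a real contract).
const pad = (h) => h.replace(/^0x/, '').padStart(64, '0');
const SAMPLE_ADDR = '0x' + '11'.repeat(20);
const samples = {
  upgrade: '0x3659cfe6' + pad(SAMPLE_ADDR),
  grant: '0xa22cb465' + pad(SAMPLE_ADDR) + pad('1'),
  revoke: '0xa22cb465' + pad(SAMPLE_ADDR) + pad('0'),
};
for (const [label, data] of Object.entries(samples)) {
  console.log(label, inspectCalldata(data));
}
```

A `setApprovalForAll` call with the flag set to false is the revocation described in the second mitigation, which is why it is reported as `ok` rather than flagged.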