A new exploit hits OpenSea’s old contract, warns Pocket Universe


  • Pocket Universe has warned against a new exploit on the OpenSea contract.
  • A detailed guide regarding the harm, how the exploit works and how to stay alert & safe has been issued.
  • More details regarding the warning will be shared soon by Pocket Universe.

According to Pocket Universe, a new exploit is being utilized to steal users’ NFTs on the old OpenSea contract. Anyone who will sign in will see their wallet draining to zero. 

The transaction checker has shared how to keep away from losing anything. 

Starting with what could be lost, any wallet that’s been listed on OpenSea before May this year is at the risk of turning empty. 

For matching orders, Opensea used to deploy the Wyvern Protocol. In the previous version of OpenSea, one would provide the substitute contract the authority to withdraw their non-fungible tokens. This is the basic ‘’setApprovalForAll permission,’’ thus, the particular substitute contract reserves the right to withdraw all NFTs that were listed before May this year. 

The latest exploit fools the user to sign a transaction, which ultimately enables the attacker to have the ownership of the substitute or proxy contract. Needless to say, this lets them withdraw the user’s NFTs.

Luckily, there are three ways to stop this unfortunate situation from taking place.

To begin with, as a user, check your transaction and see what it says. If there’s anything that says ‘upgrade to,’ consider it to be a red flag. 

Another way is to visit @RevokeCash followed by reversing permissions to “Opensea (old).” Doing so costs a certain gas per collection that’s reversed. It also means that the proxy contract does not reserve the right to withdraw the assets anymore.

Third and the final way is utilizing @PocketUniverseZ. If the exploit takes place, a red warning popup shows up.