In a double whammy for the blockchain community, two phishing attacks targeting non-fungible tokens (NFTs) have been reported today. PeckShieldAlert reports the theft of 7,304 Meebits and 185 CryptoPhunks in a brazen phishing attack. The assailant, operating under the moniker ‘Fake_Phishing187019’, successfully executed the heist on the Blur platform.

#PeckShieldAlert #Phishing #NFT #Meebits #7304 and #CryptoPhunks #185 have been stolen by #Fake_Phishing187019 on #Blur pic.twitter.com/SPFzxNykgo

— PeckShieldAlert (@PeckShieldAlert) December 19, 2023

The stolen NFTs, valued for their uniqueness and rarity, are now under the control of the malicious actor, leaving their original owners in despair. Simultaneously, PeckShieldAlert reported an ongoing attack utilizing ERC2771 and multiple techniques. This sophisticated assault has already claimed 85 0XLBOTS and 152 CypherpunkZero NFTs.

#PeckShieldAlert We’re observing an ongoing ERC2771 + multicall attack targeting #NFTs in the wild.
It has already stolen 85 #0XLBOTS and 152 #CypherpunkZero. pic.twitter.com/05IrYt2pXH

— PeckShieldAlert (@PeckShieldAlert) December 19, 2023

The scale and precision of the attack have raised concerns within the blockchain community, prompting heightened security measures across various NFT platforms.

NFT Phishing Schemes on The Rise

Adding to the situation’s complexity, the attacks come on the heels of an incident just a day ago. Several Bored Apes and Pudgy Penguins fell victim to an abuse of the Floor Protocol, leading to their unlawful acquisition by a wallet linked to a phishing scheme. The compromise in the NFT protocol, attributed to an improper contract update initiated by the NFT marketplace founder known as “foobar,” paved the way for this exploit.

In an effort to rectify the situation, “foobar” has identified the wallet housing the stolen Bored Apes and Pudgy Penguins on etherscan. The implications of this security lapse underscore the vulnerabilities within the NFT ecosystem, emphasizing the need for a robust and proactive approach to cybersecurity.

vuln was bad upgrade 11 days ago that allowed multicalling to external contracts

simple: nftContract.transferFrom(nftHolder, me, tokenId)

and bc nftHolder approved flooring, it would succeed

left image is safe internal multicall
right image is unsafe external multicall pic.twitter.com/gEHHZyLzDc

— foobar (@0xfoobar) December 17, 2023

As the blockchain community grapples with these successive incidents, stakeholders are urged to remain vigilant and prioritize security measures to safeguard the integrity of the rapidly growing NFT space. PeckShieldAlert continues to monitor the situation closely and advises users to exercise caution in their transactions to mitigate the risks posed by malicious actors.



Read the full article here

Share.

Leave A Reply

Your road to financial

freedom starts here

With our platform as your starting point, you can confidently navigate the path to financial independence and embrace a brighter future.

Registered address:

First Floor, SVG Teachers Credit Union Uptown Building, Kingstown, St. Vincent and the Grenadines

CFDs are complex instruments and have a high risk of loss due to leverage and are not recommended for the general public. Before trading, consider your level of experience, relevant knowledge, and investment objectives and seek financial advice. Vittaverse does not accept clients from OFAC sanctioned jurisdictions. Also, read our legal documents and make sure you fully understand the risks involved before making any trading decision