OpenSea $1,700,000 Phishing Hack Analysis
OpenSea , the world's largest and most used NFT exchange, suffered a major attack on 2/19/2022, which cost users over 640 ETH worth of NFTs. Additionally, Etherscan may have suffered a coordinated DDoS attack in wake of this exploit in an attempt to block users from revoking access to their NFTs. In this write-up, I'll take a look at the smart contract ( Decompiled ) used in this attack, and break down the inner workings of what it's doing at each step. I aim to figure out how this attack happened, as well as how it can be prevented in the future. Technical Breakdown The transaction I am going to break down can be found on Etherscan . In order to get a better look at what's happening behind the scenes, I'll also use ethtx.info . The transaction begins with the attacker interacting with his contract with some calldata, which appears to be a signature for a token sale. At this time, I believe that this signature was somehow phished and stored from the vic...