TechFlow reports that multiple users have issued warnings on Twitter stating that a suspected vulnerability exists in OpenSea's newly launched migration contract yesterday. Attackers are exploiting this flaw to steal large numbers of NFTs and immediately selling them for profit. The stolen NFTs include high-value collections such as BAYC, BAKC, MAYC, Azuki, Cool Cats, Doodles, and Mfers. The exact cause of the vulnerability has not yet been fully confirmed, but users who have granted permissions are advised to revoke their approvals for the affected contracts via https://revoke.cash/, https://zapper.fi/revoke, or https://etherscan.io/tokenapprovalchecker.
In response, OpenSea stated it is actively investigating reports of potential exploitation related to its smart contracts. The incident appears to stem from phishing attacks originating outside the OpenSea website, and the platform advises users not to click on any links other than those on http://opensea.io.




