TechFlow news — GmDAO founder Cyphr.ETH tweeted that hackers used a standard phishing email replicating an authentic OpenSea email sent a few days ago, tricking some users into signing permissions for WyvernExchange. There was no breach on OpenSea's side; it's simply that people didn't read the signature permissions as carefully as usual. Sushiswap developer foobar shared the same view, stating this is a massive phishing attack, and due to the migration to new system contracts, attackers were forced to activate their collected phishing links to carry out the attack.
Earlier, multiple users noticed that OpenSea's newly launched migration contract yesterday appeared to have a vulnerability, with attackers exploiting this bug to steal large numbers of NFTs and sell them for profit. Stolen NFTs include high-value collections such as BAYC, BAKC, MAYC, Azuki, Cool Cats, Doodles, and Mfers. OpenSea later responded officially: "We are actively investigating reports related to OpenSea smart contracts. This appears to be a phishing attack originating from outside the OpenSea website. Do not click on any links outside of opensea.io."




