OpenSea Security Concerns, Experimental DAOs, and other tips!

February 27, 2022 min read
OpenSea Security Concerns, Experimental DAOs, and other tips!

gm 👋

Thank you for being a part of the Cypherock family. It’s been an unpredictable ride getting to this point. We’re excited for you to see the end result!

This weekend we have saved a few clippings from the crypto hacks that happened this past week to keep you more informed and safe.

Team Cypherock

Security Digest

$1.7 million in NFTs stolen on OpenSea - Wyvern Protocol Attack

$1.7 million in NFTs stolen on OpenSea - Wyvern Protocol Attack

OpenSea users were the victims of a large token heist. The beginning of the attack sparked panic among their user base and many other blockchain companies. A spreadsheet compiled by the blockchain security services PeckShield counted 254 tokens stolen over the course of the attack, including tokens from Decentraland and Bored Ape Yacht Club, with the bulk of the attacks taking place between 5 PM to 8 PM ET last Saturday.

The attack apparently exploited the Wyvern Protocol, an open-source standard for non-fungible tokens (NFTs), and a set of rules that users can program into their smart contracts. The protocol is widely used in projects such as those made using OpenSea.

A solidity developer, that goes by the name ‘foobar’ posted a series of tweets regarding the incident where they said that victims gave malicious permission to hackers who then drained the NFTs into an address they controlled. It’s believed that the hackers posed as OpenSea by some means – either through email or other communication formats – in order to convince the victims to give them permission to do so.

The recent smart contract exploit serves as a reminder that there are inherent risks in every corner of web3 and it’s important for all users to think about how to guard themselves against the dangers. To reduce the risks of being exposed to such attacks, we propose several steps any active Web3 user can follow to protect themselves.

How to prevent:

  • Make sure you understand your Ethereum wallet permissions. You can revoke wallet permissions by going to the Token Approval page on Etherscan, connecting your wallet, and finding the token approvals for each application the wallet has interacted with.

  • Avoid signing blind signatures or interacting with smart contracts you are not familiar with.

  • Take precautions while opening links from your emails especially if it involves signing with your web3 wallet.

Dapp News

Now own a Fast Food Franchise in the Metaverse - FriesDAO

Now own a Fast Food Franchise in the Metaverse - FriesDAO

FriesDAO, a new experimental decentralized autonomous organization (DAO), aims to offer participants the chance to own part of a fast-food franchise. FriesDAO plans to purchase and scale existing quick-service restaurant franchises like Popeye’s, Burger King, and Taco Bell by requesting FRIES token holders to run a decentralized network of QSR restaurants in a way that requires minimal centralized control. 🍟 🍟

The FriesDAO team plans to start with owning Subway Franchises to help and guide their partners navigate this space better and turn it into an actual business and not just a concept.

The FriesDAO members/holders will be rewarded with NFTs and other rewards. They’ve raised around $5 mn! That’s pretty wack if you ask us! Eh, just another day in web3. ⚡️

Twitter Tales

We’ve covered a bunch of phishing attacks in the past week. Here’s a thread on some technicalities behind it.

Check out the tweet here.

Technical run-down of phishing attacks

  1. Sharing a technical run-down of the phishing attacks targeting @OpenSea users, including some web3 technical education. — Nadav Hollander (@NadavAHollander)

Reddit Reads

Why you should never save your private keys in a bank safe deposit 🚩 🚩

Reminder: Don’t Store Private Keys In Bank Safe Deposit Box from r/CryptoCurrency

Is Your Crypto Safe?

Is your crypto safe

Will your crypto get hacked? Are you going to lose your crypto? Cypherock has come up with a detailed quiz that will help you understand the pros and cons of your security model. Upon completion, you will get a detailed analysis mailed to you. Take the quiz now!

If you still wish to learn more about how you can secure your crypto better, you book a free consultation call here.

We will meet again next week. Till then, stay safe!