In the last few days about $1.7 million in NFTs were stolen from OpenSea users, and there is quite a bit of confusion about how it was done.

In this video I talk about a number of “design decisions” in the Ethereum space, and their security issues. These include: token approvals, off-chain signing, how NFT decentralized exchanges work, and there is a bit about phishing emails thrown in for good measure.

In summary, it doesn’t look like OpenSea was to blame in this case, but just as we’ve been trying to hammer home the “don’t share your seed phrase with anyone” security mantra, it appears that “take extra care when signing requests” needs to be emphasized too.

Similar Posts:

Leave a comment