$1.7 Million in NFTs Stolen in Phishing Attack on OpenSea Users

Read also: DeadBolt ransomware targets Asustor NAS devices, logistics company Expeditors falls victim to a cyber attack, and more.

Thursday, February 24, 2022

$1.7 Million in NFTs Stolen in Phishing Attack on OpenSea Users

Some users of OpenSea, the world's largest NFT (non-fungible token) marketplace, had their NFTs stolen in what appears to be a phishing attack. According to estimates, the attacker made off with over 250 NFTs worth around $1.7 million.

The incident occurred on February 19. The company promptly launched an investigation into the theft. As OpenSea co-founder and CEO Devin Finzer explained in a series of tweets, the attack did not originate from the OpenSea website. While the company believes that this was a phishing attack, it has not yet determined the exact source. Initially, a total of 32 users were said to be affected by the incident, but in a subsequent update the company said that the number of impacted users was much smaller, 17.

It appears that the attacker took advantage of a new contract upgrade set to take place between February 18 and 25. The migration was meant to address existing inactive listings of old NFTs. To help users with the migration process, OpenSea sent them emails with relevant instructions.

According to security firm Check Point, the attacker sent phishing emails disguised as messages from OpenSea, which contained a link to a phishing website where the users were asked to sign a transaction. The scammer then performed a series of forwarding requests resulting in the transfer of the NFTs' ownership from the victim to the attacker.

Logistics company Expeditors becomes the latest supply chain firm to suffer a cyber attack

Expeditors International of Washington, a global logistics company based in Seattle, has fallen victim to a cyber attack that forced the company to shut down most of its operations worldwide to ensure the safety of its global systems.

In a brief statement on the matter, the company said that it is conducting an investigation into the incident and is working with cybersecurity experts to restore the affected systems. The company did not provide any details on the nature of the cyber attack, but mentioned that it was a “significant event.”

DeadBolt ransomware now targets Asustor NAS devices

Multiple owners of Asustor Network Attached Storage (NAS) devices took to Reddit and Asustor's support forum to report a wave of DeadBolt ransomware infections affecting data stored on the devices.

According to the DeadBolt ransom note, the attackers are demanding 0.03 bitcoins (approx. $1,050 at the current rate) to restore the encrypted files.

Asustor has launched an investigation into the attacks and temporarily disabled DDNS service for safety reasons. The service allows device owners to remotely access their NAS drives.

The company has also provided pre-emptive measures to prevent future attacks. The manufacturer has not shared any information on how the ransomware operators managed to infect NAS devices.

Hundreds of computers in Ukraine infected with wiper malware

A new destructive data-wiping malware has been found on hundreds of computers in Ukraine, around the same time the country suffered a new large-scale DDoS attack targeting the websites of a number of Ukrainian government agencies, including the Ministries of Foreign Affairs, Defense, and Internal Affairs, the Security Service, and the Cabinet of Ministers, and of the two largest state-owned banks, Privatbank and Oschadbank.

According to cybersecurity firm ESET, the malware, which is tracked as Win32/KillDisk.NCV, was detected on February 23 on hundreds of devices on Ukrainian networks. However, the PE compilation timestamp (2021-12-28) of one of the samples suggests that the attack had likely been in the works for the past two months.

The company said that the malware targets legitimate drivers from the EaseUS Partition Master software to corrupt data. The malware would also trash the device’s Master Boot Record, making the device unbootable.

Symantec researchers also said they have spotted the data wiper malware not only in Ukraine, but also in Latvia and Lithuania.

UK, US link new Cyclops Blink malware to the Sandworm APT

Security agencies from the UK and the US have issued an alert on a new piece of malware dubbed “Cyclops Blink” tied to the Sandworm advanced persistent threat (APT) group believed to be working on behalf of the Russian government.

Cyclops Blink appears to be a replacement for VPNFilter, a sophisticated modular malware that came to light in 2018 after a widespread campaign that targeted thousands of network devices, primarily small office/home office (SOHO) routers and network attached storage (NAS) devices.

Cyclops Blink is a sophisticated modular malware framework that targets network devices. The agencies said that the malware has been circulating since 2019, mainly affecting WatchGuard network devices. It is likely that the threat actor “would be capable of compiling the malware for other architectures and firmware,” they warned.

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.