Blur Users: Watch Out For This Possible Exploit
Pocket Universe, a web3 security company, warned users early this morning that "Blur signatures are now being used to steal NFTs."
❗ Why It Matters
In the tweet thread, Pocket Universe highlighted a new scam that has been used in some cases to drain wallets of their NFTs using a spoofed signature request made to appear as though it is coming from Blur.
🔎 The Deets
- The way it works, according to Pocket Universe, is that the drainer website "tricks you into signing a listing that sells your NFTs for 0 ETH in return."
- Pocket Universe notes the threat in this case is exacerbated by Blur's unreadable bulk listing messages, which make it more difficult to identify a malicious request from the marketplace.
- Users can recognize these malicious requests by checking the source of the signature request. In Pocket Universe's example, the requester was an "airdrop" website, not Blur.
- Pocket Universe says it has added protection against this exploit in a recent update.
🕳️ Go Deeper
Disclaimer: The author or members of the Lucky Trader staff may own NFTs discussed in this post. Furthermore, the information contained on this website or the Lucky Trader mobile application is not intended as, and shall not be understood or construed as financial advice. AI may have assisted in the creation of this content.