Blur Users: Watch Out For This Possible Exploit

Pocket Universe, a web3 security company, warned users early this morning that "Blur signatures are now being used to steal NFTs."

❗ Why It Matters

In the tweet thread, Pocket Universe highlighted a new scam that has been used in some cases to drain wallets of their NFTs using a spoofed signature request made to appear as though it is coming from Blur.

🔎 The Deets

The way it works, according to Pocket Universe, is that the drainer website "tricks you into signing a listing that sells your NFTs for 0 ETH in return."
Pocket Universe notes the threat in this case is exacerbated by Blur's unreadable bulk listing messages, which make it more difficult to identify a malicious request from the marketplace.
Users can recognize these malicious requests by checking the source of the signature request. In Pocket Universe's example, the requester was an "airdrop" website, not Blur.
Pocket Universe says it has added protection against this exploit in a recent update.

🕳️ Go Deeper

Author Bio

Bill Monighetti

Lucky Trader COO

A web3 degen with a soft spot for pixel art, Bill previously served a variety of roles at FantasyLabs/The Action Network including product manager and NFL news reporter. Red-pilled into NFTs by NBA Top Shot during the winter of 2020.

Disclaimer: The author or members of the Lucky Trader staff may own NFTs discussed in this post. Furthermore, the information contained on this website or the Lucky Trader mobile application is not intended as, and shall not be understood or construed as financial advice. AI may have assisted in the creation of this content.