🐂 Not all bull runs are created equal. November’s AI picks include 5 stocks up +20% eachUnlock Stocks

Hundreds of NFTs Stolen in OpenSea Phishing Attack

Published 02/21/2022, 01:00 PM
Updated 02/21/2022, 01:31 PM
Hundreds of NFTs Stolen in OpenSea Phishing Attack
ETH/USD
-

The world’s largest NFT marketplace, OpenSea, suffered a massive heist this weekend as 254 unique non-fungible tokens (NFTs) were stolen.

Thirty-two OpenSea wallets were emptied of NFT assets during the intrusion, which later appeared to be a phishing attack. The damages to affected parties amounts to an estimated $3 million in total.

What Happened?

Multiple OpenSea users opened their NFT wallets on Saturday only to find them empty, and devoid of valuable assets, including NFTs from the Decentraland, Bored Apes Yacht Club, Cool Cats, and Doodle collections.

More than an hour after the losses were noticed, Opensea reported an ongoing investigation into what “appears to be a phishing attack originating outside of OpenSea’s website.”

Soon after, OpenSea CEO Devin Finzer confirmed that the heist was the outcome of a phishing attack which caused 32 unfortunate users of the platform to sign a malicious payload from the attacker.

It was later determined that the hacker used a standard phishing email mimicking the official mail shared by OpenSea just a day before.

The malicious email urged users to migrate their tokens to the new smart contract before Friday, February 25th, otherwise all existing tokens would expire.

A day before the attack OpenSea announced its smart contract dedicated to removing inactive NFT listings from its platform. Following the upgrade, OpenSea users were required to transfer their old and expired NFT listings hosted on the Ethereum blockchain to a new smart contract. The upgrade was intended to make it difficult for bad actors to trick users into signing orders without them realizing what was happening.

By the end of 2021, the absolute majority of the OpenSea transactions (97%) were carried out on the Ethereum network. The popular marketplace currently offers cross-blockchain support, covering Ethereum, Polygon and Klaytn blockchains.

OpenSea’s CTO Nadav Hollander later commented that none of the malicious orders originated from OpenSea’s website, nor from the official company’s emails. According to him, the orders were unrelated to OpenSea’s migration flow.

The hacker thus exploited users by tricking them to visit an imposter website, where victims signed orders that appeared legitimate to migrate their NFTs to the new OpenSea contract. Instead of secure transfers though, users sent their NFTs to the hacker’s wallet, allowing the bad actors to take control of nearly $3 million worth of non-fungible tokens.

OpenSea later reported that the attack was active for a number of hours, but no malicious activity had been detected since.

The world’s largest NFT marketplace promised that it would continue its investigation and keep users updated. As of Monday 21st, OpenSea has confirmed a narrowed list of 17 victims, contrary to the previously reported 32.

In a meantime, OpenSea users continue to report their drained NFT wallets, and blame the platform for denying an attack and minimizing a problem.

Not the First Time

The phishing attack is not the first time OpenSea users have been abused by malicious actors.

As recently as January 2022, attackers exploited a vulnerability in the world’s largest NFT platform by accessing old NFT listings, buying them for old prices, and then reselling them for their contemporary price, which generated an instant profit of around 332 ETH ($800,000 USD).

EMAIL NEWSLETTER

Join to get the flipside of crypto

Upgrade your inbox and get our DailyCoin editors’ picks 1x a week delivered straight to your inbox.

[contact-form-7] You can always unsubscribe with just 1 click.

Continue reading on DailyCoin

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.