OpenSea suffers phishing attack, users lose NFTs

By Benson Toti
Updated 21 February 2022
  • World’s leading NFT marketplace acknowledged an attack but denied it had been hacked for $200 million worth of NFTs.
  • OpenSea co-founder and CEO Devin Finzer confirmed this was a phishing attack and not a breach of its website.
  • He said that at least 32 users had been duped into clicking a malicious link.
  • Blockchain security firm PeckShield said the attacker managed to “wash” $2.9 million worth of NFTs at the time of this update.

OpenSea, the world’s largest NFT marketplace, has said it is investigating a phishing attack that saw attacker(s) steal non-fungible tokens (NFTs) from users.

While the platform’s co-founder and CEO Devin Finzer confirmed there had been an attack, he said it was not a network-wide breach but a phishing attack. According to Finzer, at least 32 users had lost their NFTs to the attacker.

The OpenSea chief said that rumours of a $200 million hack on the leading NFT marketplace were false.

“As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen,” he noted on Saturday night following reports of the attack.

PeckShield appeared to reach the same conclusion: that the theft resulted from a phishing attack involving user email addresses. The attack originated “outside of OpenSea’s website,” the firm noted.

The “exploit” happened as users ‘migrated’ their NFT listings to a new smart contract as notified by the OpenSea team.

“Users authorize[d] the “migration” as instructed in the phishing email and the authorization unfortunately allows the hacker to steal the valuable NFTs…,” PeckShield explained.

Finzer said that the attacker had managed to sell some of the stolen NFTs for ETH, amounting to about $1.7 million at the time.

An update from blockchain security and data analytics firm PeckShield on Sunday morning showed the scammer had managed to wash about 1,100 ETH, amounting to roughly $2.9 million.

Among the stolen NFTs traced to the attacker’s address were pieces from Bored Ape Yacht Club, Doodle, Cool Cats, and Azuki.