At least US$3 million worth of non-fungible tokens (NFTs) have been stolen in a phishing attack targeting dozens of users of the decentralised marketplace OpenSea.
In a tweet, OpenSea’s CEO Devin Finzer said that the attack wasn’t related in any way to the OpenSea website – it was rather a phishing attack where at least 32 users were tricked into signing a migration authorisation of their NFTs to the hacker’s wallet.
As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.
On February 19, OpenSea announced a smart-contract upgrade that requires users to migrate their NFTs from the Ethereum blockchain to the new set of smart contracts. Failing to do so leaves their old NFT listings inactive.
But four weeks ago, the hackers deployed a smart contract on Etherscan with the goal of collecting as many signatures as possible from OpenSea users. The timing of the OpenSea smart-contract update was perfect for the hackers, as the short deadline of the upgrade gave them a small window of opportunity to deceive users.
The hackers started sending phishing emails to trick users into signing a message that appeared to migrate their NFTs to the new OpenSea smart contract, but the destination was instead someone else's wallet.
Always Double-Check What You’re Signing
After the attack, Finzer warned OpenSea users to always double-check what they’re signing. Affected users are currently dealing with OpenSea Support to investigate the attack.
OpenSea has been in hot water recently due to continuous attacks and bugs found on the platform. On January 4, the platform had to freeze 16 Bored Apes worth US$2.2 million that had been stolen in a phishing attack.
Just a few weeks later, hackers found a bug on the OpenSea platform that allowed them to purchase NFTs at well below market value.
The content and views expressed in the articles are the original authors' own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article's content and its links to external third parties are included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.