Top non-fungible token (NFT) marketplace OpenSea says a phishing attack is likely behind the exploit that left a small number of users unable to access their NFTs.
Earlier this month, OpenSea announced that it would be upgrading the smart contract it uses to help address the inactive listing issues it was experiencing on Ethereum (ETH).
Track live crypto price of 10000+ coins!
The update involves the migration of NFT listings to the new Wyvern smart contract. According to the announcement, listings that have not been migrated by February 25th will expire.
Blockchain security and data analytics firm PeckShield says bad actors jumped at the opportunity and may have launched a phishing scam that allowed them to steal millions of dollars worth of NFTs.
Though unconfirmed, the @opensea hack is most likely phishing. Users authorize the “migration” as instructed in the phishing email and the authorization unfortunately allows the hacker to steal the valuable NFTs… pic.twitter.com/Fj5d9ImC2r
— PeckShield Inc. (@peckshield) February 20, 2022
CEO of OpenSea Devin Finzer confirms the attack, saying that 32 users were affected and that some of the stolen NFTs have been returned.
“As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.
The attack doesn’t appear to be active at this point – we haven’t seen any malicious activity from the attacker’s account in 2 hours. Some of the NFTs have been returned.
Importantly, rumors that this was a $200 million hack are false. The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.”
OpenSea itself is issuing an update on Twitter, saying that the incident is isolated and only “a small number of people” were affected. The NFT marketplace also says the scam does not appear to be email-based, suggesting that the malicious link spread in a different way without using email.
OpenSea also highlights that the migration tool is safe to use.
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Featured Image: Shutterstock/Zapp2Photo
Download MAXBIT Android App, Your best source of all crypto news!
Share this article: