LONDON: World’s largest NFT (non-fungible token) marketplace, OpenSea on Sunday confirmed that it has been hit by a phishing attack and at least 32 users had lost their valuable NFTs worth $1.7 million.
The NFT marketplace, in a Tweet, wrote: “We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website.”
We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of https://t.co/3qvMZjxmDB.
— OpenSea (@opensea) February 20, 2022
OpenSea Co-Founder and CEO, Devin Finzer acknowledged the phishing attack, confirming that 32 users have lost NFTs so far.
I know you’re all worried. We’re running an all hands on deck investigation, but I want to take a minute to share the facts as I see them:
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
He said rumours that this was a $200 million hack are false and the attacker “has $1.7 million of ETH (Ethereum) in his wallet from selling some of the stolen NFTs.
“The attack doesn’t appear to be active at this point — we haven’t seen any malicious activity from the attacker’s account in 2 hours. Some of the NFTs have been returned,” Finzer added.
Finzer warned users about signing messages and asked them to always ‘double check that you are interacting with https://opensea.io in your browser when you sign messages.’
While the NFT marketplace was yet to figure out the magnanimity of the cyber attack, Blockchain investigator Peckshield said he suspects a possible leak of user information (including email ids) that fuelled the phishing attack.
The hack happened as OpenSea announced a new smart contract upgrade with a one-week deadline to delist inactive NFTs on the platform. The smart contract upgrade required users to migrate their listed NFTs from ETH blockchain to a new smart contract.
Within hours after OpenSea’s upgrade announcement, reports across multiple sources emerged about an ongoing attack that targets the soon-to-be-delisted NFTs.
The phishing attack on NFT marketplace occurred as the UK tax authority last week seized three NFTs as part of a probe into a 1.4 million pounds (nearly $1.9 million) fraud case, the BBC reported on Monday.
The authority said it was the first UK law enforcement to seize an NFT. Her Majesty’s Revenue and Customs also seized 5,000 pounds worth of crypto assets ($6,762) alongside three NFT artworks, which have yet to be valued.
