Investing.com - Financial Markets Worldwide
Get 40% Off
Get 40% Off
🚨 Volatile Markets? Find Hidden Gems for Serious OutperformanceFind Stocks Now

OpenSea’s phishing attack: What you need to know

Published 02/21/2022, 07:01 PM
Updated 02/21/2022, 04:30 PM
OpenSea’s phishing attack: What you need to know

Over the weekend, the NFT community was set ablaze following reports that NFT marketplace OpenSea was hit by a major phishing attack. While earlier reports claimed that the attacker carted away with over $200 million, OpenSea has stepped forward to clarify that only 17 users were affected and the net losses of victims are estimated at around $1.7 million.

The latest attack coincided with OpenSea’s recent smart contract upgrade. On Friday, the leading NFT marketplace announced that it was launching a new upgraded smart contract, requiring users to migrate their listings before February 25.

The hacker, however, capitalized on the said upgrade to trick users into migrating their NFTs to his own wallet through legit-looking phishing emails.

According to a spreadsheet compiled by blockchain security firm PeckShield, the malicious actor made off with 254 NFTs from the attack, including some Bored Ape Yacht Club NFTs. Although OpenSea estimates that around $1.7 million worth of NFTs was stolen, PeckShield’s list puts the cumulative worth at around $3 million. Meanwhile, Dune Analytics user Jelilat claimsthat the most NFTs stolen during the attack were 37 Azukis.

From all indications, it appears the phishing attack had nothing to do with the OpenSea platform. By authorizing “migration” as instructed in the phishing email, users were basically signing the transactions to steal their NFTs.

3rd party Ad. Not an offer or recommendation by Investing.com. See disclosure here or remove ads .

Users were directed to a fraudulent site through phishing emails. They then signed approvals with Wyvern Exchange that gave the attacker control over their NFTs. The OpenDAO explained in a post:

The attacker appears to have exploited users by having them sign a fraudulent signature to approve a private sale of [their] NFT at 0 ETH to the attacker’s wallet. Unfortunately, nobody ever reads what they signed.

Continue reading on BTC Peers

Latest comments

Install Our App
Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.