Multiple OpenSea users had their NFTs swiped from their Ethereum wallets last night. Despite rumors of an exploit, OpenSea insists that a phishing attack is likely the root cause.
- A hacker stole hundreds of NFTs from OpenSea users last night.
- While a post-mortem report has not yet been published, the OpenSea team has claimed that the hacker executed a phishing attack to steal the NFTs.
- The incident is yet another reminder of the risks of self-custody in Web3.
The hacker stole hundreds of high-value NFTs from sought-after collections like Bored Ape Yacht Club, Azuki, and NFT Worlds.
OpenSea Users Targeted in NFT Hack
A hacker stole millions of dollars worth of NFTs from OpenSea users last night.
The attacker targeted an estimated 32 collectors on the top NFT marketplace and drained their Ethereum wallets. On-chain data posted by PeckShield shows that they stole over 250 pieces from high-value collections like Bored Ape Yacht Club, Doodles, Azuki, and NFT Worlds. Based on the floor prices for the collections, the total haul was estimated to be worth over 1,000 Ethereum, or $3 million. The attacker’s wallet currently contains 641 Ethereum worth around $1.7 million, as well as a selection of the stolen NFTs.
News of the attack first surfaced on Twitter late Saturday when users reported suspicious activity tied to their accounts. It was initially rumored that the exploit was linked to a smart contract that OpenSea users have been migrating their NFTs to over recent weeks. However, OpenSea pointed to a likely phishing attack.
We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of https://t.co/3qvMZjxmDB.
— OpenSea (@opensea) February 20, 2022
The team took to Twitter early Sunday to announce that it was “actively investigating” the rumors and that “a phishing attack outside of OpenSea’s website” was the likely cause. OpenSea CEO Devin Finzer said that the team was “running an all hands on deck investigation” and that the 32 afflicted users had suffered from a phishing attack. Earlier this morning, Finzer reiterated his belief that it was a phishing attack. “We have conviction that this was a phishing attack,” he wrote. The security analytics firm PeckShield also investigated the incident and shared the view that a phishing scam was likely the root cause.
NFT Hack Exposes Web3 Risks
Though a full post-mortem analysis is yet to be published, the Ethereum users foobar and isotile posted tweet storms detailing the attacker’s likely moves. On-chain data shows that they deployed a smart contract on Jan. 22 that used a call to OpenSea’s contract. It’s thought that they tricked users into signing a transaction that transferred their NFTs to the hacker’s wallet, likely by sending out an email that replicated the ones OpenSea sends out. Once they had duped a sufficient number of NFT collectors into signing the malicious transaction, they executed the attack to drain their wallets.
While a phishing attack is still yet to be confirmed, the incident exposes the risks of using Web3, where signing any malicious Ethereum transaction can have disastrous consequences.
In recent months, many Bored Ape Yacht Club holders have lost their high-value NFTs in similar attacks after signing away their assets. As NFTs have attracted mainstream interest and their prices have soared, hackers have increasingly turned to the space to target collectors. Most of the affected OpenSea users have fallen victim to phishing attacks that tricked them into signing malicious contracts. For all of the benefits of self-custody wallets and decentralization, such attacks raise questions about whether crypto and NFTs are truly ready for mass adoption. Even when crypto holders use a hardware wallet to store their assets, they are not necessarily protected against smart contract scams. For collectors, NFT hacks like this one are a reminder of the importance of taking caution at all times in Web3, especially when it comes to checking emails and signing transactions.
Disclosure: At the time of writing, the author of this feature owned ETH and several other cryptocurrencies.