NFTs Worth $1.7M Stolen from OpenSea Users

OpenSea’s CEO Devin Finzer has denied the claims that a vulnerability in their smart contract was exploited to steal NFTs from users.

OpenSea users have suffered losses amounting to $1.7 million (578 ETH). According to PeckShield blockchain security service, hundreds of Non-Fungible Tokens (NFTs) were stolen by attackers on Saturday, causing panic among OpenSea users.

As per the spreadsheet compiled by PeckShield, 254 tokens were stolen, including Bored Yacht Club and Decentraland tokens.

Details of the Incident

Reportedly, a major chunk of the attacks occurred between 5:00 p.m. and 8:00 p.m. ET. OpenSea users posted that all of their NFTs had been removed from their wallets. A Twitter user named Neso posted that he checked every transaction, and all have valid signatures.

Strange Timing

The timing of this attack is crucial since OpenSea was updating its contract system when attackers struck it. However, the platform has refuted the reports that the new contracts instigated the attack. OpenSea is currently investigating the issue. In total, 32 users were targeted in the attack.

More NFT news on Hackread.com

1. Official website of Banksy hacked for fake NFT scam
2. OpenSea vulnerability allowed crypto theft with malicious NFTs
3. Hot wallet hack: Hackers steal $18.7m from Animoca’s Lympo NTF platform
4. HackRead & Verify announce strategic partnership to combat crypto scams

OpenSea CEO says it was a phishing attack

It is not yet clear how the attackers managed to steal the NFTs from their legit owners’ wallets. It is being theorized that a phishing scam tricked affected users, while some believe that a vulnerability with OpenSea was exploited by the hacker(s) to steal NFTs.

OpenSea CEO Devin Finzer clarified in a Twitter post that the attacks didn’t originate from their website, emails, or its numerous listings.

The CEO of the NFT boom’s most valuable companies is certain that it was a phishing attack that’s no more active, and 32 users might have signed a malicious payload sent by the attacks, leading to NFT theft. Finzer also stated that they are trying to find out the “exact nature of the phishing attack.”

Protect your NFTs

If you are a crypto investor or own NFTs, learn how to spot a phishing email, avoid clicking links sent by an anonymous sender and only visit websites that you trust. Under suspicious circumstances, use VirusTotal to scan malicious files and links.