OpenSea accounts hacked: NFTs worth $1.7 million stolen 

OpenSea accounts hacked: NFTs worth $1.7 million stolen from world’s largest NFT marketplace

NFT marketplace OpenSea experienced a phishing attack on several of its users after the platform announced its plans to migrate to a new smart contract. OpenSea is now investigating the attack, which seems to be inactive for more than 15 hours now.

sers of OpenSea, the world’s largest NFT (non-fungible token) marketplace, have been hit by a phishing attack that saw NFTs worth millions of dollars being stolen off their accounts. The company has since been investigating the attack and as per its latest update, it claims it to be a phishing attack that originated outside of the OpenSea website.

The attack targeted a series of NFTs on OpenSea on Sunday, including some from the famous collections like Bored Ape Yacht Club, Mutant Ape Yacht Club, and others. The targeted NFTs were the ones that were soon to be delisted from the platform following its migration to a new smart contract from the previous Ethereum blockchain. The platform had announced a one-week deadline for this migration.

The urgency for the transition created a window of opportunity for the hackers to launch a phishing attack on the NFT holders. They shot fraudulent emails to the OpenSea NFT holders, under the pretext that the emails and the fake webpage therein were the gateways for the users to get their NFTs listed on the new smart contract. As the users authorized the transition through the fraud email, their NFTs were transferred to the attackers.

A report by The Vice points at blockchain records to show that the attacker was able to transfer numerous NFTs this way to their own address. After having sold some of the NFTs, the attacker’s wallet contained more than 600 Ethereum worth about $1.7 million of stolen NFTs.

OpenSea Co-Founder and CEO, Devin Finzer first acknowledged the attack through a tweet, mentioning that the team was in touch with all the affected users. At the time, a total of 32 users were said to be victims of the phishing attack. The latest update by the company, however, reduces this number down to 17 users.

The company justifies the drop in numbers within the tweet. It states that the original count “included anyone who had interacted with the attacker,” while the recent count is more accurately represents the accounts that were actually victims of the phishing attack.

Published By : India Today


Share and Enjoy !


Leave a Reply

Your email address will not be published.