OpenSea Investigating Rumors Of NFT Exploit, Suspects Phishing Attack

By Bibhu Pattnaik of Benzinga

Sunday, February 20, 2022 12:45 PM EDT

The world's largest digital marketplace for crypto collectibles and non-fungible tokens, OpenSea, announced that it is investigating a scam targeting users of its NFT platform. OpenSea posted a tweet saying that it appears to be the target of a phishing attack originating outside of OpenSea's website.

We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of https://t.co/3qvMZjxmDB.
— OpenSea (@opensea) February 20, 2022

Following the warning, the firm’s CEO Devin Finzer went on Twitter and said that the company is “not aware of any recent phishing emails that have been sent to users,” and suggested a fraudulent website may be to blame.

As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022

According to reports, the hacker has stolen roughly $3 million in assets, which includes popular NFTs like Bored Apes, Azuki, and CloneX. On Saturday evening, Benzinga warned OpenSea users not to migrate their NFTs until further clarity.

URGENT WARNING: Reports of NFTs being stolen on OpenSea from users manually migrating their NFTs. DO NOT MIGRATE YOUR NFTs UNTIL FURTHER CLARITY!! (more info in this thread)
— Benzinga (@Benzinga) February 20, 2022

Dogecoin (DOGE-X) co-creator Billy Markus also sent a tweet about the incident.

apparently the new opensea contract migration is compromised and people are stealing NFTs or something?

anyway that’s bad
— Shibetoshi Nakamoto (@BillyM2k) February 20, 2022

On Twitter, the OpenDAO responded to OpenSea’s recent attack.

The OpenDAO’s response to the recent phishing attack on OpenSea:https://t.co/R6TAc00Rfv

Join our Twitter Spaces:https://t.co/TjtKHckf30 pic.twitter.com/gm9psJyE6z
— OpenDAO🆘 (@The_OpenDAO) February 20, 2022

Blockchain security company PeckShield said that the rumored exploit was “most likely phishing,” a malicious contract hidden in a disguised link. The company cited that same mass email about the migration process as one of the possible sources of the link.

How did you like this article? Let us know so we can better customize your reading experience.

Comments

Leave a comment to automatically be entered into our contest to win a free Echo Show.