The America-based NFT trade platform is a peer-to-peer marketplace that has been a subject of news for a month, and not for good reasons. News about bugs, rug pull scams, fraudulent activities, and faulty updates has haunted OpenSea for a long time, and this time too, there has been a phishing attack.
On Sunday, OpenSea reported that it had been the victim of a phishing attempt, with at least 32 users losing NFTs valued at $1.7 million (about Rs 12.6 crore).
Devin Finzer, co-founder and CEO of OpenSea, confirmed that 32 users had lost NFTs as a result of the phishing attack.
How it happened:
The hack occurred shortly after OpenSea announced a new smart contract upgrade and a one-week deadline for dormant NFTs to be removed from the platform.
The smart contract upgrade was a response to a previous bug in the platform that let attackers acquire expensive non-fungible tokens at their previous, lower values.
Users were asked to convert their listed NFTs from the Ethereum blockchain to a new smart contract as part of the smart contract upgrade. This provided safety against the attackers.
But trouble began when, within hours of OpenSea’s upgrade announcement, various sources began reporting an ongoing attack against the soon-to-be-delisted NFTs.
According to the BBC, the phishing attempt on the NFT marketplace came after the UK tax department seized three NFTs last week as part of a probe into a 1.4 million pound (almost $1.9 million) fraud case.
How the platform is tackling it:
While the NFT marketplace has yet to determine the scope of the cyber attack, blockchain investigator PeckShield believes the phishing attack was fueled by a probable leak of user information (including email addresses).
The suspected phishing attack has created unrest among the OpenSea community, and CEO Devin Finzer has acknowledged the situation.
Devin denied rumors that the hack was worth $200 million, claiming that the attacker “had $1.7 million in ETH (Ethereum) in his wallet from the sale of some of the stolen NFTs.”
“We’re looking at rumors of an exploit involving OpenSea smart contracts. This appears to be a phishing attack coming from somewhere other than OpenSea’s website,” stated the NFT marketplace in a tweet.
“We don’t think it has anything to do with the OpenSea website. So far, it looks like 32 users have signed a malicious payload from an attacker, and some of their NFTs have been compromised or robbed,” commented Finzer.
The CEO of OpenSea has urged the affected people to contact him directly via Twitter. The platform has also promised a proper investigation into the matter.
- The attack is most likely unrelated to the OpenSea website; its sources come from outside the platform.
- There has been no recent malicious activity from the attacker account.
- Verify the seller’s identity and thoroughly check the authenticity of the NFT, the owner, and the marketplace.
- Create unique and complex passwords and DO NOT forget them; remember the guy who lost huge amounts of money just because he could not recall his account’s password.
- Be very careful about the links you receive in emails, Discord groups, or personal messages. Be especially sceptical of deals that sound too good to be true.