By
Benjamin Njiri
April 23rd, 2024
OpenSea said it is “actively investigating” the phishing hack. So far, reports show that the malicious wallet had its first transaction in December.
There have been rumors from many Twitter users that OpenSea has suffered a phishing hack. The rumors have been making rounds amongst merchants of non-fungible tokens (NFTs) and Ethereum on the OpenSea platform.
Earlier on, the peer-to-peer cryptocurrency marketplace had arranged to amend its smart contract. OpenSea was going to release the new contract on Friday to make certain expiration of inactive listings on the platform. However, a hacker exploited the plan by sending a malicious link to users, leading to the hijack of hundreds of NFTs on OpenSea. The victims clicked on the malicious emails believing it was the migration process. OpenSea CEO Devin Finzer refuted these emails, indicating that they were sent from neither OpenSea’s domain, emails, or site banner. In Finzer’s words:
“As far as we can tell, this is a phishing attack. We don’t believe it is connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”
Unlike other cryptocurrencies, NFTs are non-exchangeable. Each one is unique and is its user’s collecting item. This is probably why some users could get their digital collectibles back.
Twitter users claimed the worth of stolen NFTs was about $200 million. However, Devin Finzer established that the hacker made $1.7 million worth of Ethereum from selling some of the stolen NFTs.
OpenSea Investigates Phishing Hack
OpenSea said it is “actively investigating” the phishing hack. So far, reports show that the malicious wallet had its first transaction in December. Also, the hacker’s address also visited other marketplaces like LooksRare and Rarible. PeckShield Inc, a blockchain security company and auditor of smart contracts, confirmed the link as a phishing hack. It recorded a total of two hundred and fifty-four stolen NFTs.
The attack, which had users sign a partial contract with general authorization, took about three hours. After that, the hacker proceeded with calls to their contract, enabling NFTs transfer without payment. Etherscan, a blockchain explorer and analytics website, has issued the hacker a phish hack warning.
OpenSea CEO also assured:
“We are actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures.”
It appears that OpenSea Inc is not susceptible to malware. Rather, merchants and users of the platform were targets.
In January, OpenSea was at a valuation of $13.3 billion, an increase of over 400% if compared to its value of $1.5 billion in July. It is ranking top on the list of NFT marketplace, acting as a one-stop-shop for all crypto goods. Due to its boom, security threats are seemingly inevitable.