pixel
Connect with us

Crypto

Nearly $2 million worth of NFTs stolen from OpenSea accounts

OpenSea says 32 users had NFTs stolen as part of a targeted phishing campaign that scammed them into signing malicious smart contracts

opensea nft marketplace logo over screenshot of the storefront
Image: KnowTechie

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

Over the weekend, a small number of users on OpenSea, a trading platform for non-fungible tokens, or NFTs, discovered that they’d been the target of a hack. Over a few hours on Saturday, a hacker shifted nearly $3 million worth of NFTs to their own wallet; lifted from 32 OpenSea users.

OpenSea thinks this was a phishing attack, although at the time it was investigating rumors of a bug in its smart contracts system, which is the system that pins ownership of individual NFTs to the blockchain.

Allegedly, it seems that the hacker patiently collected signatures through phishing emails, starting about a month ago. Instead of upgrading an OpenSea smart contract to the new version, the phish signs a private sale to the hacker. Then the hacker fills in the blank sections of the sale, transferring the stolen NFTs to their own wallet.

READ MORE: Are people already getting bored of NFTs?

In a long-winded Twitter thread, Devin Finzer, OpenSea’s co-founder and CEO explains details surrounding the hack:

It’s worth pointing out that the phishing attack may have not come from an email. Some of the affected users say they never clicked on any email links, and even showed a video of them scrolling through their inbox.

READ MORE: OpenSea warns users of NFT phishing attempts after email leak

That’s the current state of investigations into the hack, with OpenSea still continuing its own root cause investigation.

If you’re an OpenSea user and are worried about your holdings, it’s best to play it safe. Revoke all token approvals for any OpenSea smart contracts. That’s probably the smart play here, as the exploit the hacker used is expiring later this week.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience at KnowTechie, SlashGear and XDA Developers. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere, with particular focus in gadgetry and handheld gaming. Shoot him an email at joe@knowtechie.com.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Crypto