One phishing hacker attack he subtracted ben $ 1.7 million in NFT from OpenSea, one of the leading online marketplaces for selling non-fungible tokens. The hackers allegedly attacked on Saturday, but on Sunday the marketplace managers assured users that it was safe to produce, buy and sell tokens using the site’s blockchain. However, the investigations continue: 32 victims and 254 tokens transferred without payment.
OpenSea, hundreds of NFTs stolen from the platform with a hacker attack
Confirmation of thefts arrives directly from the Twitter account of the co-founder and CEO of OpenSea, Become a Finzer. According to the investigations of the operators, it seems that by using phishing sites the hackers have convinced 32 users to register in a corrupt payload that authorized the transfer of the NFTs to hackers for free.
Although Finzer confirmed that the attack was carried out using the phishing tactic, thus convincing users to register on corrupt sites or download malware using scam methods, it is not known how the attack was perpetrated. In fact, the company has communicated that the attack has occurred outside the OpenSea serverswhile not specifying where and how.
The attack occurred during the migration of OpenSea to the smart contract systems of Wyvern, which began on Friday and is expected to end by 25 February. Although OpenSea excludes a link between attack and migration. According to Finzer, the origin of the attack would not be the OpenSea site. In fact he specified that none of the victims would click on suspicious links in the emails that would have exploited a vulnerability on the site.
As the OpenSea security experts say, clicking on the banner on the site and registering contracts with Wyvern should be safe for all users.
The origin of the attack is still unknown
Sunday Finzer has explained that the company is “working with users whose items have been stolen to determine a number of sites that all of them interacted with and may be responsible for corrupt registrations “. The CEO then assured that they will communicate “the exact nature of this phishing attack” as soon as possible.
The Chief Technology Officer of OpenSea Nadav Hollander ha shared analysis of the hacker attack with all users who have NFT on the site. Hollander rules out the possibility that the attack is linked to the new Wyvern contract system. Indeed, he explains that the bogus NFT orders that transferred the victims’ NFTs should be occurred before the transition to the new smart contracts. .
Instead, the company thinks the attack was targeted. Hollander writes: “32 users have seen their NFTs stolen in a relatively short period of time. This is extremely unfortunate, but it suggests a targeted attack rather than a systemic problem “.
Although the attack took place outside of OpenSea, the company is still helping users at this troubled stage. Understanding where the attack comes from could help reduce the likelihood of similar attacks happening again in the future. if not to recover the stolen tokens.
Episodes like that of this colossal theft and the recent exploits that have allowed purchases at very low prices, undermine the trust of users. However, the migration to the new smart contract system could guarantee moree stability to what remains the main NFT market in the world. We will update you on the development of this story.