OpenSea users lose NFTs in cyber attack

By

US$1.7 millon of ETH lost in three hours.

Online NFT marketplace has experienced a phishing attack where more than 30 of its users unable to access their NFTs and close to US$2 million worth of ETH was stolen.

OpenSea users lose NFTs in cyber attack

According to OpenSea the attacker has US$1.7 million of ETH in his wallet from selling some of the stolen NFTs. There were 254 tokens stolen over three hours.

Devin Finzer, CEO and founder of OpenSea tweeted, “As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”

Reports came in from users saying OpenSea was “exploited” and began tagging the marketplace on Twitter.

Blockchain security company PeckShield, said users authorised the "migration" as instructed in the phishing email and the authorisation unfortunately allows the hacker to steal the valuable NFTs.

Nadav Hollander, CTO at OpenSea said, “All of the malicious orders contain valid signatures from the affected users, indicating that they did sign an order somewhere, at some point in time. However, none of these orders were broadcasted to OpenSea at the time of signing.”

The attack seems to have exploited a “flexibility” in the Wyvern Protocol which is the open-source standard underlying most NFT smart contracts.

“None of the malicious orders were executed against the new (Wyvern 2.3) contract, indicating that they were signed before the migration and are unlikely to be related to OpenSea’s migration flow,” Hollander said.

According to Hollander, 32 users had NFTs stolen over a relatively short time period, “This is extremely unfortunate, but suggests a targeted attack as opposed to a systemic issue.”

Hollander said even though it appears the attack was made from outside OpenSea, is actively helping affected users and discussing ways to provide them additional assistance.

OpenSea, the eBay of the NFT marketplace is valued at US$13 billion and has become one of the most valuable NFT companies.

Got a news tip for our journalists? Share it with us anonymously here.
© Digital Nation
Tags:

Most Read Articles

Westpac pilots AI to analyse inbound call content

Westpac pilots AI to analyse inbound call content

ANZ explores agentic AI opportunities

ANZ explores agentic AI opportunities

Northcott to explore AI summarisation

Northcott to explore AI summarisation

BHP sets up AI hub in Singapore

BHP sets up AI hub in Singapore

Log In

  |  Forgot your password?