OpenSea users lose NFTs in cyber attack

By

US$1.7 millon of ETH lost in three hours.

Online NFT marketplace has experienced a phishing attack where more than 30 of its users unable to access their NFTs and close to US$2 million worth of ETH was stolen.

OpenSea users lose NFTs in cyber attack

According to OpenSea the attacker has US$1.7 million of ETH in his wallet from selling some of the stolen NFTs. There were 254 tokens stolen over three hours.

Devin Finzer, CEO and founder of OpenSea tweeted, “As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”

Reports came in from users saying OpenSea was “exploited” and began tagging the marketplace on Twitter.

Blockchain security company PeckShield, said users authorised the "migration" as instructed in the phishing email and the authorisation unfortunately allows the hacker to steal the valuable NFTs.

Nadav Hollander, CTO at OpenSea said, “All of the malicious orders contain valid signatures from the affected users, indicating that they did sign an order somewhere, at some point in time. However, none of these orders were broadcasted to OpenSea at the time of signing.”

The attack seems to have exploited a “flexibility” in the Wyvern Protocol which is the open-source standard underlying most NFT smart contracts.

“None of the malicious orders were executed against the new (Wyvern 2.3) contract, indicating that they were signed before the migration and are unlikely to be related to OpenSea’s migration flow,” Hollander said.

According to Hollander, 32 users had NFTs stolen over a relatively short time period, “This is extremely unfortunate, but suggests a targeted attack as opposed to a systemic issue.”

Hollander said even though it appears the attack was made from outside OpenSea, is actively helping affected users and discussing ways to provide them additional assistance.

OpenSea, the eBay of the NFT marketplace is valued at US$13 billion and has become one of the most valuable NFT companies.

Got a news tip for our journalists? Share it with us anonymously here.
© Digital Nation
Tags:
emerging technftopenseaphishing

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

Westpac pilots AI to analyse inbound call content

Westpac pilots AI to analyse inbound call content
ANZ explores agentic AI opportunities

ANZ explores agentic AI opportunities
Northcott to explore AI summarisation

Northcott to explore AI summarisation
BHP sets up AI hub in Singapore

BHP sets up AI hub in Singapore
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?