OpenSea CEO alleges $1.7M worth NFTs stolen in phishing attack on users

OpenSea NFT marketplace is currently investigating an alleged phishing attack following a string of tweets from dismayed users reporting the disappearance of NFTs from their wallets. According to OpenSea, 17 users were impacted by the phishing attack with at least $1.7 million worth of NFTs stolen.

Previously, the marketplace reported the list of impacted individuals to be 32. However, the figures were later changed after OpenSea investigated the case and found the victims to be only 17. The remaining were the ones that only interacted with the phishing attack, but did not fall to scams.

Meanwhile, OpenSea co-founder and CEO Devin Finzer dispelled rumors of a $200 million hack plaquing the platform and said the phishing attack is not connected to OpenSea.

“As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website,” he wrote in a tweet on Feb. 20, later adding, “Importantly, rumors that this was a $200 million hack are false. The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.”

We’re actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures. Huge thanks to the users that hopped on the phone with us directly.

— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022

According to blockchain security firm PeckShield, 254 tokens have so far been stolen from the attack, which included popular NFTs from Bored Ape Yacht Club and Decentraland.

The attack likely resulted from confusion over OpenSea’s smart contracts revision, which led people to believe that the platform is launching the migrating process. This resulted in hackers “tricking users into maliciously signing messages.” OpenSea CTO Nadav Hollander tweeted:

“All of the malicious orders contain valid signatures from the affected users, indicating that they did sign an order somewhere, at some point in time. However, none of these orders were broadcasted to OpenSea at the time of signing.”

“None of the malicious orders were executed against the new (Wyvern 2.3) contract, indicating that they were signed before the migration and are unlikely to be related to OpenSea’s migration flow,” Hollander added.

10) Additionally, even though it appears the attack was made from outside OpenSea, we are actively helping affected users and discussing ways to provide them additional assistance.

— Nadav Hollander (@NadavAHollander) February 20, 2022

At press time, OpenSea continues to investigate the phishing attack.

The post OpenSea CEO alleges $1.7M worth NFTs stolen in phishing attack on users appeared first on Our Bitcoin News.