- Several OpenSea users fell victim to a phishing attack.
- The alleged attacker stole over $1.7 million worth of NFTs.
- The attacker used the platform’s new contract migration email to trick users.
- 17 users fell victim to the attack.
Several users of the world’s largest NFT marketplace OpenSea have experienced a phishing attack. Last week, OpenSea announced a new contract upgrade to ensure that old and inactive NFT listings on the Ethereum blockchain expire safely. The contract upgrade was set to take place between February 18 and 25.
An alleged scammer saw this as an opportunity to steal NFTs from active users. The scammer sent phishing emails to users. The email was identical to OpenSea’s contract migration email, except it contained links to fake sites. Users unknowingly shared their login details on these fake sites, allowing the attacker to gain access to their NFTs.
The phishing email and site created by the attacker were almost identical to OpenSea’s email and web page. They also used a request function called ‘atomicMatch’, which was capable of transferring all NFTs of a user in one transaction. This allowed the attackers to transfer several NFTs from victims in a very short time, before the victims even realized it.
How did OpenSea Respond?
According to reports, 17 users were victims of the phishing attack and a total of 32 users interacted with the attacker. The Ethereum wallet connected to the attack held over $2 million after several of the stolen NFTs were sold. Since then, the attacker has allegedly transferred the funds to other accounts.
According to OpenSea CEO Devin Finzer, the company is working continuously to monitor the situation and find a solution. Finzer said that the attacker is apparently not active anymore, and some of the stolen NFTs were returned. He also mentioned that OpenSea was not immediately aware of the attack, as users did not initially notify the support team. An internal investigation team is working to find more information regarding the attack.
The platform’s CTO Nadav Hollander shared more details about the attack in a Twitter thread. According to him, it was a targeted attack rather than a systematic issue. Most of the orders signed by the victims took place before the new contract migration. He also emphasized that basic technical knowledge is required from NFT users to ensure such events don’t take place.