OpenSea Phishing Attack Affected 17 Users

  • The incident, which affected 17 users on OpenSea, is considered to be a phishing attack as all malicious orders had a valid signatures from the affected users.
  • The CTO of OpenSea also explained the attack had nothing to do with OpenSea’s smart contract upgrade, which began on Friday, as the orders were signed before the migration.
opensea on monitor

Shutterstock

Major non-fungible token (NFT) marketplace OpenSea has experienced an attack on Sunday, with 17 users of the platform having their NFTs stolen, though the source of the attack is still unknown, the marketplace said on Twitter on 21 February.

The NFT platform began investigating the issue in the early hours on Sunday, when it received reports of an exploit “associated with OpenSea related smart contracts”. The CEO of OpenSea, Devin Finzer, took to Twitter shortly after the initial report, noting that the incident was a form of a phishing attack, and that 32 users had been affected. Today the platform clarified that 32 users “interacted” with the attacker, and only 17 had their NFTs stolen. The platform tweeted:

The NFT marketplace further noted that the attacker no longer appears to be active, as there has been no activity on the malicious contract for over 15 hours. While the exact source of the attack is yet to be determined, OpenSea has claimed the attack originated “outside of OpenSea’s website”, and that all the transactions contained a “valid signatures from affected users”.

Some users have also speculated that the attack could be connected to OpenSea’s smart contract upgrade that started on Friday, and requires all users to move their listings on Ethereum to the new OpenSea smart contract. The CTO of the company, Nadav Hollander, explained that this scenario was highly unlikely, as the malicious orders were executed against the new contract, indicating they “were signed before the migration”.

Discussion
Related Coverage
GameStop Launches NFT Marketplace in Public Beta
  • GameStop has described its new platform as a “non-custodial, Ethereum Layer-2-based marketplace that enables parties to truly own their digital assets”.
  • The company said it plans to expand the NFT marketplace functionality over time, adding new categories such as web3 gaming, introducing more creators, and more.
July 12, 2022, 8:40 AM
gamestop

Shutterstock

Multiple Projects Migrate From Terra to Polygon
  • Among the 48 projects that have started migrating over from Terra are some high-profile names, such as OnePlanet, Lunaverse, and Derby Stars.
  • OnePlanet played a huge role in helping NFT projects, encompassing 90 NFT collections, migrate to Polygon through its Ark*One initiative.
Major Leak of OpenSea Customer Emails
  • According to the NFT marketplace, its customers’ emails were leaked to an outside party by an employee of Customer.io.
  • The company has reported the incident to law enforcement officials, and reminded its customers to be weary of phishing attacks.