Hacker Steals $1.7 Million in NFTs from OpenSea Clients

An unknown actor managed to steal NFTs worth $1.7 million from OpenSea users just as the platform was switching to a new Wyvern smart contract system. Company officials say the attack was targeted and had nothing to do with the company’s systems.

OpenSea, the world’s largest NFT marketplace, enables prospectors to sell and trade non-fungible tokens (NFT), a non-interchangeable unit of data that can be stored on a blockchain - similar to how cryptocurrencies work.

On Sunday, OpenSea CEO Devin Finzer confirmed that 32 users had signed a malicious payload from an unknown attacker, resulting in the theft of their NFTs.

“As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen,” Finzer tweeted over the weekend.

The CEO assures customers that the company is running “an all hands on deck investigation,” to get to the bottom of the issue.

“We’re actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures. Huge thanks to the users that hopped on the phone with us directly,” Finzer added.

While the attack was seemingly timed to match the company’s move to the Wyvern smart contract system, the targeted phishing scheme apparently took place before the migration and is not likely related to the migration flow, according to the company’s chief technology officer, Nadav Hollander.

Email-borne phishing is also ruled out, the company said.

OpenSea is now working with the victims to narrow down a set of common websites they interacted with that might have been responsible for the malicious signatures.

“We’ll keep you updated as we learn more about the exact nature of the phishing attack,” Finzer said.

NFT ledgers claim to provide a public certificate of authenticity or proof of ownership for a certain asset, like a photo, a video or an audio file. However, an NFT does not restrict the sharing or copying of the file itself, nor does it prevent the creation of NFTs with identical associated qualities.

Widely considered a speculative asset, NFTs are criticized for their high-energy cost and carbon footprint - for validating blockchain transactions. NFTs have also been likened to a ponzi scheme.