OpenSea, the world’ biggest NFT marketplace, recently fell victim to a hacking attack. According to the details of the still-ongoing investigation, the attackers targeted OpenSea users, not the site itself. The platform’s CEO said that attackers tricked users into signing malicious payloads in order to steal their NFTs.
OpenSea, the leading marketplace for non-fungible tokens (NFTs), recently suffered what appears to be a hacking attack. The platform’s co-founder said that the incident appears to be a phishing attack — a conclusion that was also shared on Twitter by a blockchain security and data analytics company, PeckShield Inc. They explained: users authorized a wallet migration as instructed in the phishing email, which allowed the hacker to steal valuable NFTs. By the time users realized what was going on, the hackers had already completed their theft.
Devin Finzer, the OpenSea co-founder and its current CEO, said that the attack was not directly connected to the OpenSea website. In other words, the attackers have targeted the users, and not the website itself. He added that 32 users signed a malicious payload from an attacker, and some of their NFTs were stolen as a result.
Finzer added that the platform and its team understand that the community is worried, and he reassured the users that the team is running an all-hands-on-deck investigation.
OpenSea CEO Shares the Details of the Investigation
Finzer revealed that the attack appears to be no longer active. There was no malicious activity detected for several hours prior to the release of his announcements, which were published on February 20th. He also noted that some of the stolen NFTs were returned.
Finzer continued by saying that OpenSea was not aware of the phishing emails that its users were allegedly receiving and that the platform does not know which website was tricking users into connecting their wallets to OpenSea and signing the malicious transactions.
He invited all affected users to contact the OpenSea support account on Twitter and contribute to the investigation by sharing their experiences. Finzer stressed that there were rumors about $200 million being stolen from the website. He insisted that this is false and that the attacker has only $1.7 million of ETHin their wallet, which came from selling some of the NFTs they stole.