OpenSea’s phishing attack: What you need to know

OpenSea’s phishing attack: What you need to know Over the weekend, the NFT community was set ablaze following reports that NFT marketplace OpenSea was hit by a major phishing attack. While earlier reports claimed that the attacker carted away with over $200 million, OpenSea has stepped forward to clarify that only 17 users were affected and the net losses of victims are estimated at around $1.7 million. The latest attack coincided with OpenSea’s recent smart contract upgrade. On Friday, the leading NFT marketplace announced that it was launching a new upgraded smart contract, requiring users to migrate their listings before February 25. The new contract is live! Start migrating your listings now: https://t.co/W1w9ciCK2D — OpenSea (@opensea) February 18, 2022 The hacker, however, capitalized on the said upgrade to trick users into migrating their NFTs to his own wallet through legit-looking phishing emails. According to a spreadsheet compiled by blockchain security firm PeckShield, the malicious actor made off with 254 NFTs from the attack, including some Bored Ape Yacht Club NFTs. Although OpenSea estimates that around $1.7 million worth of NFTs was stolen, PeckShield’s list puts the cumulative worth at around $3 million. Meanwhile, Dune Analytics user Jelilat claimsthat the most NFTs stolen during the attack were 37 Azukis. Here is the list of NFTs stolen in @opensea phishing incidenthttps://t.co/s9OmiJu2m3 pic.twitter.com/xE1tFJnDMK — PeckShieldAlert (@PeckShieldAlert) February 20, 2022 From all indications, it appears the phishing attack had nothing to do with the OpenSea platform. By authorizing “migration” as instructed in the phishing email, users were basically signing the transactions to steal their NFTs. Users were directed to a fraudulent site through phishing emails. They then signed approvals with Wyvern Exchange that gave the attacker control over their NFTs. The OpenDAO explained in a post: The attacker appears to have exploited users by having them sign a fraudulent signature to approve a private sale of [their] NFT at 0 ETH to the attacker’s wallet. Unfortunately, nobody ever reads what they signed. Continue reading on BTC Peers Disclaimer: Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. All CFDs (stocks, indexes, futures) and Forex prices are not provided by exchanges but rather by market makers, and so prices may not be accurate and may differ from the actual market price, meaning prices are indicative and not appropriate for trading purposes. Therefore Fusion Media doesn`t bear any responsibility for any trading losses you might incur as a result of using this data.Fusion Media or anyone involved with Fusion Media will not accept any liability for loss or damage as a result of reliance on the information including data, quotes, charts and buy/sell signals contained within this website. Please be fully informed regarding the risks and costs associated with trading the financial markets, it is one of the riskiest investment forms possible.

OpenSea’s phishing attack: What you need to know
OpenSea’s phishing attack: What you need to knowOpenSea’s phishing attack: What you need to know

Over the weekend, the NFT community was set ablaze following reports that NFT marketplace OpenSea was hit by a major phishing attack. While earlier reports claimed that the attacker carted away with over $200 million, OpenSea has stepped forward to clarify that only 17 users were affected and the net losses of victims are estimated at around $1.7 million.

The latest attack coincided with OpenSea’s recent smart contract upgrade. On Friday, the leading NFT marketplace announced that it was launching a new upgraded smart contract, requiring users to migrate their listings before February 25.

The hacker, however, capitalized on the said upgrade to trick users into migrating their NFTs to his own wallet through legit-looking phishing emails.

According to a spreadsheet compiled by blockchain security firm PeckShield, the malicious actor made off with 254 NFTs from the attack, including some Bored Ape Yacht Club NFTs. Although OpenSea estimates that around $1.7 million worth of NFTs was stolen, PeckShield’s list puts the cumulative worth at around $3 million. Meanwhile, Dune Analytics user Jelilat claimsthat the most NFTs stolen during the attack were 37 Azukis.

From all indications, it appears the phishing attack had nothing to do with the OpenSea platform. By authorizing “migration” as instructed in the phishing email, users were basically signing the transactions to steal their NFTs.

Users were directed to a fraudulent site through phishing emails. They then signed approvals with Wyvern Exchange that gave the attacker control over their NFTs. The OpenDAO explained in a post:

The attacker appears to have exploited users by having them sign a fraudulent signature to approve a private sale of [their] NFT at 0 ETH to the attacker’s wallet. Unfortunately, nobody ever reads what they signed.

Continue reading on BTC Peers

Disclaimer: Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. All CFDs (stocks, indexes, futures) and Forex prices are not provided by exchanges but rather by market makers, and so prices may not be accurate and may differ from the actual market price, meaning prices are indicative and not appropriate for trading purposes. Therefore Fusion Media doesn`t bear any responsibility for any trading losses you might incur as a result of using this data.

Fusion Media or anyone involved with Fusion Media will not accept any liability for loss or damage as a result of reliance on the information including data, quotes, charts and buy/sell signals contained within this website. Please be fully informed regarding the risks and costs associated with trading the financial markets, it is one of the riskiest investment forms possible.