A hacker carried out a phishing attack to steal potentially hundreds of NFTs from users of OpenSea. According to the latest report, the hacker stole worth a total of $1.7 million on Saturday. On the other hand, the company reassured its users that it was safe to mint, buy, list, and sell NFTs on OpenSea. However, an investigation has started.
Hacker Steals $1.7 Million in NFTs From OpenSea Users
In a Twitter post, the CEO ruled out OpenSea’s website as the origin point of the attack. He added that interacting with an email from OpenSea was not a vector for the attack. Similarly, clicking on the site’s banner, signing the new Wyvern smart contract, and using OpenSea’s listing migration tool to move listings to the new Wyvern contract system were determined to be safe, as well.
“We’re actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures,” Finzer said on Sunday. “We’ll keep you updated as we learn more about the exact nature of the phishing attack.”
The incident, which occurred on Saturday over the course of a few hours, suggests this was a targeted attack.
“32 users had NFTs stolen over a relatively short time period. This is extremely unfortunate, but suggests a targeted attack as opposed to a systemic issue.” The company’s chief technology officer, Nadav Hollander said.
Hollander also added that the attack appeared to have occurred outside OpenSea. Also, the company was “actively helping affected users and discussing ways to provide them additional assistance.”