By Daniel Levi
In just two years later, Non-fungible tokens (NFTs) have grown from under $100 million in 2020 to surpass $40 billion in 2021. The NFT market cap is now forecast to reach over $80 billion by 2025. However, as NFT popularity soars, so is the number of hacking incidents. Just last month, $2.2 million worth of Bored Ape Yacht Club NFTs were hacked.
On Saturday, the world’s first and the largest NFT marketplace, OpenSea, confirmed that it has been hit by a phishing attack and at least 32 users had lost their valuable NFTs worth $1.7 million, company’s CEO Devin Finzer confirmed the phishing attack late Saturday night.
Finzer announced that the company is investigating a “phishing attack” that no longer appears to be active. He also confirmed that 32 users have lost NFTs so far and the attacker “has $1.7 million of ETH (Ethereum) in his wallet from selling some of the stolen NFTs.
In a series of tweets on Saturday, Finzer said the hacker “has $1.7 million of ETH in his wallet from selling some of the stolen NFTs” but dispelled rumors that the hack was worth $200 million. He also added that some of the stolen NFTs have been returned.
“I know you’re all worried. We’re running an all-hands-on-deck investigation, but I want to take a minute to share the facts as I see them,” Finzer said in a tweet.
Finzer added, “As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”
Devin Finzer (dfinzer.eth) on X (formerly Twitter): “As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen. / X”
As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.
However, a separate report from a decentralized metaverse firm Isotile tells a different story. The phishing hack took place 28 days when a hacker uploaded a new smart contract onto the Opensea NFT marketplace platform. The hacker started sending emails with phishing websites, which asked users to sign a message to login/migrate to the new Opensea smart contract.
However, instead of the users actually logging into the Opeasea marketplace, they were signing a private sale (0 eth) of users’ NFTs to the hacker.
x.com
No Description
x.com
No Description
We will continue to monitor this story and keep you updated as soon as we have new information.