OpenSea investigating NFT phishing attack
Credits: BBC

OpenSea, the world’s largest NFT (non-fungible token) marketplace, confirmed on Sunday that it had been hit by a phishing attack and that at least 32 users had lost valuable NFTs worth $1.7 million.

The attack targeted a series of NFTs on OpenSea on Sunday, including some from famous collections such as Bored Ape Yacht Club, Mutant Ape Yacht Club, and others. The targeted NFTs were the ones that were soon to be delisted from the platform following its migration to a new smart contract from the previous Ethereum blockchain. The platform had announced a one-week deadline for this migration.

The urgency of the transition created a window of opportunity for the hackers to launch a phishing attack on NFT holders. They sent fraudulent emails to OpenSea NFT holders, under the pretext that the emails and the fake webpage linked in them were the gateway for users to get their NFTs listed on the new smart contract. When users authorized the transition through the fraudulent email, their NFTs were transferred to the attackers.

The co-founder of OpenSea said the non-fungible token marketplace is investigating a “phishing attack,” which doesn’t appear to be active.

“We don’t believe it’s connected to the OpenSea website,” Devin Finzer, who is also its chief executive officer, said on Twitter. “It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”

The attack happened as OpenSea announced a new smart contract upgrade with a one-week deadline to delist inactive NFTs on the platform.

The smart contract upgrade required users to migrate their listed NFTs from the ETH blockchain to a new smart contract.

Within hours of OpenSea’s upgrade announcement, reports emerged across multiple sources of an ongoing attack targeting the soon-to-be-delisted NFTs.

Losses in crypto-related hacks exceeded $10 billion (roughly Rs. 73,885 crore) over the past year, and hackers now want to keep coming back to the crypto sector for more.

In August last year, hackers breached the blockchain-based platform Poly Network and extracted more than $600 million (roughly Rs. 4,480 crore) in cryptocurrencies, marking DeFi’s biggest hack ever. DeFi stands for decentralised finance.

In February this year, crypto platform Wormhole Portal lost $322 million (roughly Rs. 2,410 crore) in a hack, making it the second-largest breach to have hit the DeFi sector.