According to data from blockchain security firm PeckShield, scammers stole 254 NFTs, including a few Bored Ape Yacht Club NFTs.
- “This attack did not originate with OpenSea,” said the CEO and co-founder of the company.
- Last week, OpenSea launched a customer service server to reduce the risk of fraudsters impersonating company employees.
Traders in non-stop trading Monday was spent parsing the aftermath of an OpenSea phishing attack that resulted in the theft of hundreds of NFTs over the weekend.
According to OpenSea, the attack appears to be over, with 17 victims, a reduction from the 32 people originally thought to be affected.
In a series of tweets, Devin Finzer, CEO and co-founder of OpenSea, stated, “This attack did not originate on OpenSea.” Finzer stated that the company is collaborating with users to determine who is to blame.
Finzer dismissed reports that the attack was worth more than $200 million, claiming that the hacker had $1.7 million in ether in their wallet, which was confirmed by Etherscan records. OpenSea declined to make any additional comments on the current issue.
By trading volume, OpenSea is the largest NFT (non-fungible token) marketplace, with over 80 million NFTs spread across two million collections. According to data from Dune Analytics user rchen8, the platform had $70.78 million in Ethereum-based volume on Monday, down 58 percent from $169.26 million a month ago.
According to a spreadsheet created by blockchain security firm PeckShield, the hacker stole 254 NFTs during the attack, including a few Bored Ape Yacht Club NFTs. According to data from Dune Analytics user Jelilat, the most NFTs stolen during the phishing attack were 37 Azukis.
According to PeckShield, the users authorized the “migration” as instructed in the phishing email, and the authorization allowed the hacker to steal the NFTs.
As a result, the malicious orders were all accompanied by valid signatures from users who fell for the phishing scam, according to Nadav Hollander, OpenSea’s chief technology officer, who tweeted on Sunday.
According to reports, the attacker had users connect their crypto wallets to a fraudulent site where they signed approvals with Wyvern Exchange to give the attacker control of their NFTs.
Wyvern Exchange is a decentralized cryptocurrency exchange based on the Wyvern Protocol that communicates with the Ethereum blockchain.
“The attacker appears to have exploited users by having them sign a fraudulent signature to approve a private sale of [their] NFT at 0 ETH to the attacker’s wallet,” the OpenDAO stated in a blog post. “Unfortunately, no one ever reads the documents they sign.”
Phishing scams are frequently carried out via text messages or emails that contain deceptive messages, advertisements, or websites that appear legitimate. While scams occur in all industries, some community members believe that OpenSea’s use of email in general is a mistake.
Email, according to Pixel Vault co-founder Beanie, is “an archaic way to communicate” that “exposes even sophisticated users to risk of being exploited through phishing scams.”
“The OpenSea email alert system never really worked anyway, because it was inundated with spam,” Beanie tweeted.
While messaging platforms like Discord and Blockscan Chat allow users to log in with Ethereum addresses to message wallet-to-wallet, there are few new ways for businesses to communicate with their customers.
As reported by various media outlets, OpenSea launched a customer service server with Web3 communications platform Metalink last week to reduce the risk of fraudsters impersonating company employees.
“Our goal is to create a direct channel for you to interact with OpenSea to get support, provide feedback, receive updates, and share any other information that will help us better serve you,” OpenSea’s head of community, Stevey Tromberg, said in a statement.
The collaboration was formed after alleged scammers impersonated OpenSea employees in order to deceive other NFT owners in its Discord chat, causing them to lose millions of dollars.
“NFT communities deserve a safe and secure space where they can connect and thrive,” Metalink founder Jake Udell said.
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.
