OpenSea, the world’s largest non-fungible token (NFT) marketplace, reported on Sunday that it had been hacked and that at least 32 customers had lost $1.7 million in NFTs.
In a Tweet, the NFT marketplace said:
We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSeas website.
Devin Finzer, co-founder and CEO of OpenSea, confirmed that 32 users had lost NFTs as a result of the phishing attack.
He denied rumours that the breach was worth $200 million, claiming that the attacker “had $1.7 million in ETH (Ethereum) in his wallet from the sale of part of the stolen NFTs.”
“At this time, the attack appears to be inactive – we haven’t observed any malicious activity from the attacker’s account in over two hours.” Finzer noted, “Some of the NFTs have been returned.”
Finzer advised users to be cautious when signing messages and to ‘double check that you are communicating with OpenSea official website url in your browser when you sign messages.’
While the NFT marketplace has yet to determine the scope of the cyber assault, Blockchain investigator Peckshield believes the phishing attack was fueled by a probable lea**k of user information (including email addresses).
The attack occurred shortly after OpenSea announced a new smart contract upgrade and a one-week deadline for dormant NFTs to be removed from the platform. Users were asked to convert their listed NFTs from the Ethereum blockchain to a new smart contract as part of the smart contract update.
Within hours of OpenSea’s upgrade announcement, various sources began reporting on an ongoing attack on the soon-to-be-delisted NFTs.
According to the BBC, the phishing attempt on the NFT marketplace came after the UK tax department confiscated three NFTs last week as part of a probe into a 1.4 million pound (almost $1.9 million) fraud case.
The authority claimed it was the first law enforcement agency in the United Kingdom to seize an NFT. Her Majesty’s Revenue and Customs also confiscated a total of 5,000 pounds ($6,762) in cryptocurrency, as well as three NFT artworks that have yet to be evaluated.