The NFT Twitter community has been agog with complaints and discussions about people allegedly losing their NFTs on OpenSea to hackers. Different enthusiasts have analyzed the root cause and the strategy used by the attacker to elope with users’ Non-Fungible Tokens. Many agree that it was a cleverly-plotted phishing attempt that fooled several people.
The hacker took advantage of discussions of a migration to new smart contracts, by sending a phishing email that was cloned to look like it was from OpenSea.
A Twitter page, Plugged Inn, uploaded a sample of the phishing email that the scammer used.
OpenSea responded immediately by stating that they were investigating the matter.
“We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of OpenSea.io.”
Devin Finzer, the CEO of OpenSea, noted in a tweet that the hack was not linked or caused by OpenSea. In his Twitter statement, he added, “As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”
He also added that affected users should send a message to the support team of OpenSea. In his tweet thread, he added that people could protect themselves better by removing the approval to their NFT collection.
The scammer took advantage of the open fact that OpenSea was altering its smart contract, which will remove inactive listings from the platform.
Some NFT enthusiasts stated that the phishing emails seemed like they came from OpenSea and stated that users had to migrate their listing to a new contract to ensure that it didn’t expire. Victims saw the urgency of the email and thought it was from OpenSea.
According to OpenSea,
“Our team has been working around the clock to investigate the specific details of this phishing attack. While we haven’t yet determined the exact source, we wanted to share a couple of EOD updates.”
The popular NFT marketplace revised the number of users whose NFTs had been compromised.
“We’ve narrowed down the list of impacted individuals to 17, rather than the previously mentioned 32. Our original count included anyone who had *interacted* with the attacker, rather than those who were victims of the phishing attack.”
OpenSea noted that the
“The attack does not appear to be active at this time. There has been no activity on the malicious contract in >15 hours.”
The NFT marketplace has stated that the investigation will continue and it will intimate the public about any new findings.
If you would like to read more news articles like this, visit our Website. You can also follow DeFi Planet on Twitter, Facebook, Instagram, and LinkedIn.
