Notebookcheck Logo

NFTs valued at over US$1.7 million have been stolen from OpenSea users

NFTs have been stolen in a phishing attack on OpenSea users. (Image source: Michael Dziedzic via Unsplash)
NFTs have been stolen in a phishing attack on OpenSea users. (Image source: Michael Dziedzic via Unsplash)
A phishing attack on users of OpenSea has resulted in the theft of NFTs worth millions of dollars. The source of the attack remains unclear, with 17 affected users identified.

NFTs have been stolen from several OpenSea accounts in a recent hack. The scam is currently being investigated by the company, an NFT marketplace, which believes it was a phishing attack. OpenSea stated that the incident had ended after no malicious activity was reported for over 36 hours.

OpenSea believes that 17 users have been affected, with 32 users in total having interacted with the hacker. Devin Finzer, CEO of OpenSea, revealed that the hacker had US$1.7 million of Ethereum in their wallet from selling some of the stolen NFTs.

It appears the attack was made possible by the affected users signing a partial contract, though these were not broadcast to OpenSea. This partial contract was similar to a blank cheque, allowing the malicious actor to complete the agreement with their details to finalise the transaction.

It is unclear how the account owners partially signed these contracts. OpenSea said it was confident that the phishing attack did not originate on its platform. The company also clarified that actions including buying and listing items were not to blame. Having spoken to affected customers, OpenSea does not believe the scam was facilitated by malicious emails or users clicking on an onsite banner on its website.

The attack comes during a migration to a new version of the contract used for NFT trades, which will make it harder for these attacks to happen in the future. OpenSea does not believe the migration to or the new Wyvern 2.3 smart contracts themselves were vectors for the attack.

Interestingly, it has been reported that the hacker has already returned several of the stolen NFTs, with another victim receiving 50 Ethereum (~US$130,000) from the bad actor. OpenSea has pledged to continue investigating the attack, urging anyone affected to contact it via the support center.

Buy the book The Cyber Effect on Amazon

Read all 1 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
.170
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2022 02 > NFTs valued at over US$1.7 million have been stolen from OpenSea users
Polly Allcock, 2022-02-22 (Update: 2022-02-22)