OpenSea users lose hundreds of NFTs in likely phishing attack

NFT marketplace OpenSea is investigating a “phishing attack” that has left more than two dozen of its users without access to some of their most valuable digital tokens. On late Saturday evening, panic hit the platform when someone stole hundreds of NFTs.

Over several hours that afternoon, the attacker targeted 32 accounts and obtained 254 tokens, according to a spreadsheet compiled by Blockchain security service PeckShield. Among the stolen NFTs are tokens from the Bored Ape Yacht Club and Azuki collections. One estimate by Molly White, the creator of the Web3 is Going Great blog, pegged the haul at 641 Ethereum (approximately $1.7 million at the time of this article).

“We have confidence that this was a phishing attack,” said Devin Finzer, the co-founder and CEO of OpenSea, in a tweet posted early Sunday morning. “We don’t know where the phishing occurred, but we’ve been able to rule out a number of things based on our conversations with the 32 affected users.”

According to Finzer, OpenSea determined its website was not a vector for the attack, nor did someone exploit a previously unknown vulnerability in the platform’s NFT minting, buying, selling and listing features. “Interaction with an OpenSea email is not a vector for attack,” said Finzer. “In fact, we are not aware of any of the affected users receiving or clicking links in suspicious emails.”

ref:engadget

--

--

--

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Hacker Summer Camp 2019

AI/ML-Powered Cybercrimes

From WWW To Web 3.0 And Beyond

{UPDATE} Word Build - Word Search Games Hack Free Resources Generator

A Proposal for the UMB Token Staking, Rewards and Distribution

Anatomy of a cryptocurrency scam

Turbo Vpn Mod Apk Premium Unlocked Latest Version

Turbo Vpn Mod Apk Premium Unlocked Latest Version

What is a personal cabinet on the site?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
lunaray

lunaray

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.

More from Medium

NFT topics

Playground Meta Launch Metadata On-Chain Randomization

Candy Chain Launches No-Code NFT Contracts and Platform

How To Launch Ethereum dApp on Avalanche

AVAX network