OpenSea Loses NFTs Worth $1.7 Million in Phishing Attack, Investigation Underway

Devin Finzer, the co-founder and CEO of OpenSea, said that at least 32 of the platform’s users have fallen prey to this attack.

By Radhika Parashar | Updated: 21 February 2022 11:20 IST

OpenSea Loses NFTs Worth $1.7 Million in Phishing Attack, Investigation Underway

Photo Credit: OpenSea

Losses in crypto-related hacks exceeded $10 billion (roughly Rs. 73,885 crore) over last year

Highlights

OpenSea’s attacker(s) currently unknown
OpenSea has launched investigation
OpenSea hacker reportedly washing stolen tokens

OpenSea, the world's biggest marketplace for non-fungible tokens (NFTs), lost hundreds of digital collectibles in a phishing attack over the weekend. The incident has reportedly caused OpenSea losses worth $1.7 million (roughly Rs. 12.5 crore). The hacker(s) responsible for this attack are currently unknown, but an investigation has been launched into the case. The crypto industry has begun churning trillions of dollars in revenue, catching the attention of hackers and scammers. In recent times, several hack attacks on crypto firms and investors have made it under the light, including OpenSea.

The attacker(s) lured OpenSea users into digitally signing malicious messages via phishing emails or websites. Exact details are still unclear.

Devin Finzer, the co-founder and CEO of OpenSea, said that at least 32 of the platform's users have fallen prey to this attack. Finzer has been updating people about fresh developments on the situation via Twitter.

Cryptocurrency Investment Fraud: 7 More Held in Nagpur

We are not aware of any recent phishing emails that have been sent to users, but at this time we do not know which website was tricking users into maliciously signing messages.
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022

Blockchain security firm PeckShield has also been following the incident closely while also monitoring developments.

PeckShield has been able to compile a list of 254 NFTs that were stolen in this attack.

NFT Marketplace That Sold First-Ever Tweet Shuts Due to Fakes, Wash-Trading

The security firm also claims that privacy mixer tool Tornado Cash was used by the OpenSea hacker(s) to wash ETH 1,100. Tornado Cash can hide the final destination of the Ether tokens.

The @opensea scammer just made use of @TornadoCash to wash 1,100 ETH...https://t.co/eQCopgqx43 pic.twitter.com/8KB6QxBC8P
— PeckShield Inc. (@peckshield) February 20, 2022

Meanwhile, OpenSea is reaching out to its affected users in order to assist them for the next steps.

Our leadership, engineering, and security teams are communicating with affected users to gather details. We continue to believe that this is a phishing attack that originated outside of https://t.co/3qvMZjxmDB. ↯
— OpenSea (@opensea) February 20, 2022

Nadav Hollander, the chief technology officer of OpenSea has also shared his notes on this attack on Twitter.

- None of the malicious orders were executed against the new (Wyvern 2.3) contract, indicating that they were signed before the migration and are unlikely to be related to OpenSea's migration flow.
— Nadav Hollander (@NadavAHollander) February 20, 2022

Losses in crypto-related hacks exceeded $10 billion (roughly Rs. 73,885 crore) over the past year and now hackers want to keep coming back to the crypto sector for more.

Last year in August, hackers breached blockchain-based platform Poly Network and extracted more than $600 million (roughly Rs. 4,480 crore) in cryptocurrencies, marking DeFi's biggest hack ever. DeFi stands for decentralised finance.

In February this year, crypto platform Wormhole Portal lost $322 million (roughly Rs. 2,410 crore) in a hack attack, making it the second largest breach to have hit the DeFi sector.

Can Realme 9 Pro and 9 Pro+ win their respective segments? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: OpenSea, NFT, Non-Fungible Token, Phishing, Hack, Crypto Hack

Radhika Parashar

Email Radhika

Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More