TL;DR Breakdown
- The three NFTs stolen on OpenSea have been retrieved by Mintable
- Devin Finzer, OpenSea founder states that the attack is not a result of website security issues, rather a phishing attack
Mintable, an NFT market, is returning three stolen NFTs to their owners as part of an initiative to combat the OpenSea security breach. They discovered the NFTs on LooksRare, which has a notorious reputation for over $10 billion in wash trading and stolen NFTs. They acquired the NFTs for Mintable’s most recent flash sale by buying them from the market. However, they were unable to withdraw the purchased NFTs to their own wallet. Users have been reporting this issue for months on Mintable’s Discord server. On February 19, OpenSea users lost about USD 1.75 million in NFTs to a phishing fraud.
OpenSea attack victims receives help from Mintable
Mintable contacted OpenSea about the problem after they found out there was a breach involving them and OpenSea in early July 2019. The owners of LooksRare are suspected of being involved in the OpenSea phishing fraud. Mintable discovered that LooksRare had been gaining access to accounts on both Mintable and OpenSea through third-party services, such as Discord bots. They are suspected of having exploited a security flaw in Discord’s token verification system while using Mintable’s official MINTDOTBOT discord account to gain access to Mintable accounts.
Mintable suspects that this is how the NFTs were compromised and laundered on LooksRare, and they notified OpenSea about the problem and their possible involvement in the phishing fraud. Mintable also approached ENS to replace all affected users’ addresses with their own before making any security changes.
The three stolen assets are the NFTs “Shadow of the Colossus” from Cryptokitties, “Sloth Glider” from Decentraland, and “Ethereum Logo” from CryptoKitty. As soon as Mintable was able to withdraw them from LooksRare’s market, they were able to re-mint them using their off-chain minting contract on the Ethereum blockchain. Mintable is re-minting them with zero transaction fees and no additional charges for their users, who will be able to withdraw the NFTs once they have a second confirmation of minting on the blockchain.
Mintable calls out OpenSea to ensure safety for its users
Mintable discovered that these three were stolen in addition to seven other NFTs previously purchased from LooksRare. Mintable returned the seven NFTs to their owners, for free, in an effort to fight theft and fraud on the blockchain. Zach Burks, the founder, and CEO of Mintable criticized OpenSea for not doing anything to assist victims. Hacker access was gained through a bug on their site; they were able to steal NFTs. He expressed his ideas in his official Twitter account. Mintable has been at the forefront of gasless minting, bulk minting, and credit card purchases of NFTs. Burks thinks it’s time for us to make a leap forward in some way or another.
NFT marketplaces are prone to phishing attacks
OpenSea has suffered a loss to hackers in the past. Earlier this year OpenSea was lost to hackers who were able to get away with almost $750,000 in ETH. Several cases of recovered digital assets have been recently reported. On February 21 Indian authorities tracked down scammers responsible for the loss of $5.4 million. Additionally, the entire digital assets are experiencing severe loss from scammers and cybercrime. Japan has cautioned the public about crypto scams and alerted financial companies to develop new strategies to ensure a safe ecosystem.
