$ 1,101.78 3.99%
$ 34.02 4.31%
$ 0.069321 4.00%
$ 4.73 4.45%
$ 20,132.00 0.94%
$ 219.85 3.49%

Scammer steals $1.7 million worth of NFTs from OpenSea users 


TL;DR Breakdown 

  • Several OpenSea users fell victim to a phishing attack. 
  • The alleged attacker stole over $1.7 million worth of NFTs. 
  • The attacker used the platforms new contract migration email to trick users. 
  • 17 users fell victim to the attack.

Several users of the world’s largest NFT marketplace OpenSea have experienced a phishing attack. Last week, OpenSea announced a new contract upgrade to ensure that old and inactive NFT listings on the Ethereum blockchain expire safely. The contract upgrade was set to take place between February 18 and 25. 

An alleged scammer saw this as an opportunity to steal NFTs from active users. The scammer sent phishing emails to users. The email was identical to OpenSea’s contract migration email, except it contained links to fake sites. Users unknowingly shared their login details on these fake sites, allowing the user to gain access to their NFTs.

The phishing email and site created by the attacker was almost identical to OpenSea’s email and web page. They also used a request function called ‘atomicMatch’, which was capable of transferring all NFTs of a user in one transaction. This allowed the attackers to transfer several NFTs from victims in a very short time before they even realized it. 

How did OpenSea Respond? 

According to reports, 17 users were victims of the phishing attack and a total of 32 users interacted with the attacker. The Ethereum wallet connected to the attack held over $2 million dollars after several of the stolen NFTs were sold. Since then the attacker has allegedly transferred the fund to other accounts. 

According to OpenSea CEO Devin Finzer, the company is working continuously to monitor the situation and find a solution. Finzer said that the attacker is apparently not active anymore, and some of the stolen NFTs were returned. He also mentioned that OpenSea was not immediately aware of the attack, as users did not initially notify the support team. An internal investigation team is working to find more information regarding the attack.  

The platform’s CTO Nadav Hollander shared more details about the attack in a Twitter thread. According to him, it was a targeted attack rather than a systematic issue. Most of the orders signed by the victim took place before the new contract migration. He also emphasized that basic technical knowledge is required from NFT users to ensure such events don’t take place. 

To protect yourself against the increasing NFT scams, read our full guide here

Mohammad Shahid

Mohammad Shahid

An IT and Cybersecurity graduate with specialized knowledge of cryptocurrency and blockchain, Mohammad joins the Repo elite team. He has worked on several blockchain development projects and is an enthusiastic crypto trader.

Related News

Hot Stories

Polkadot price analysis: DOT continues to decline with low of $7.06 recorded
Bitcoin price analysis: BTC touches $19,775 as bears threaten another sharp pullback
Bitcoin, Binance Coin, Polygon, and Uniswap Daily Price Analyses – 29 June Morning Price Prediction
Ripple price analysis: XRP swiftly retests $0.32, bottom found?
Three Arrows could be liquidated due to the crypto market's bearish streak

Follow Us

Industry News

Three Arrows could be liquidated due to the crypto market's bearish streak
Ronin bridge returns online after hack
Compass Mining loses Bitcoin mining facility for neglecting energy bill
Robinhood shares spike 14% on FTX rumored purchase report
US adults turn strong hands, predict Bitcoin at $38,000 on average in 6 months