NFTs worth $1.7 million stolen from OpenSea users in phishing attack

Non-fungible token (NFT) marketplace OpenSea has refuted the claims that it suffered a $200 million hack. In a Twitter thread Devin Finzer, co-founder and chief executive, OpenSea has clarified that it was a phishing attack targeted at a few OpenSea users who were tricked by an attacker into downloading a malicious file that compromised their wallets. 

According to Finzer, the attacker sold some of the stolen NFTs for ETH worth  $1.7 million. 

"As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen," Finzer said. 

Finzer claims the attack is no longer active and the attacker has returned some of the NFTs. "We haven’t seen any malicious activity from the attacker’s account in 2 hours," he added. 

OpenSea is conducting an investigation into the phishing attack. However, at this point, Finzer said they are yet to ascertain which websites were tricking users into maliciously signing messages. 

Valued at $13 billion, OpenSea is one of the biggest NFT marketplace with over one million active user wallets. It's average daily trading volume is over $260 million while the monthly volume in January 2022 was over $2 billion, according to Dune Analytics, a Blockchain analytics firm. 

Interest in NFTs have skyrocketed since 2021, attracting a lot of unwanted attention from attackers. In a Twitter post, published December 30, Todd Kramer, the owner of owner New York’s Ross + Kramer Gallery, claimed that he was targeted by a  phishing scam and lost 15 NFTs worth $2.2 million.

Though in these phishing attacks, user wallets were directly targeted platforms such as OpenSea are not entirely foolproof. In October 2021, security experts from CheckPoint Research warned about a security vulnerability in OpenSea that, if exploited, could have allowed attackers to hijack user accounts and clean out their crypto wallets by sending malicious NFTs. 

In addition to theft of NFTs, many artists have also complained about their artwork being copied and sold illegally as NFTs on marketplaces such as OpenSea without their consent. DeviantArt reportedly found 90,000 fake NFTs on its platform.