Skip to main content

Scammers Steal $1.7 Million Worth of NFTs from OpenSea Customers

Panicked users complain on social media that they lost their NFTs on the platform after receiving a suspicious email.
  • Author:
  • Publish date:

A new week, a new attack. Not a week has passed since the beginning of the year without an incident affecting a firm in the cryptosphere and web3, the next generation internet based on blockchain technology. 

OpenSea, the eBay of the blockchain, announced on Saturday night that it was investigating a scam targeting users of its non-fungible tokens (NFTs) platform. The firm is the largest NFT marketplace, and it is valued at $13.3 billion.

The hacker(s) stole several NFTs and had already sold a few for ethereum worth $1.7 million, according to CEO Devin Finzer. NFTs are blockchain-based deeds of ownership to different kinds of digital items, from expensive illustrations of apes to collectibles like celebrity autographs. In some cases they can also represent certificates for physical goods.

"We are actively investigating rumors of an exploit associated with OpenSea related smart contract. This appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of" the platform posted on Twitter.

Smart contracts are a piece of computer code that determines the terms of a transaction ( loans, trading etc) and don't rely on any third party. Things are done automatically and follow the rules that people have agreed on. 

OpenSea CEO Devin Finzer later said, still on Twitter, that: " As far as we can tell, this is a phishing attack. We don't believe it's connected to the OpenSea website," he wrote. He added that: " It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen."

Finzer, like his platform earlier, suggested that the attack came from an external website, but some users on social media rejected this hypothesis.

"Wrong. According to the contract it seems like its on your end," one user posted.

But other users seemed convinced by the explanation given by Finzer.

"This is the only line of log printed by the attacker contract. It can print anything it wants. This is a phishing attack obviously," said another user.

Shortly before 11 p.m. ET, Finzer posted a series of tweets in which he suggested the malicious scam was over.

"The attack doesn't appear to be active at this point - we haven't seen any malicious activity from the attacker's account in 2 hours. Sone of the NFTs have been returned," he asserted.

OpenSea Has Heard Conflicting Accounts

He repeated that OpenSea still does not know where the scam started and who was behind it. Finzer directed affected users to contact OpenSea via private message on Twitter.

The hacker(s) wanted to take advantage of an update to OpenSea's smart contract which was scheduled the day before. The new version of the smart contract was intended to remove the old and inactive listings from the platform.

Users have posted on Twitter the famous email sent by the thief (s). We can see that the scam wanted to take advantage of the migration to steal the NFTs. 

"Calling it now. The hacker used a standard phishing email copying the genuine #Opensea one sent out a few days ago, then got a number of people to sign permissions with WyvernExchange. No exploit, just people not reading sign permissions as normal," one user posted.

Conflicting information circulated about the loot stolen by the hacker(s). Finzer said overnight that the amounts of millions of dollars advanced were false.

"The attacker has $1.7 million of ETH[Ereum] in his wallet from selling sone of the stolen NFTs," he stated.

But some users were quick to ask him the value of the NFTs not yet sold: 'and how much are the unsold nfts worth?" one wrote.

Last updated at 2:42 a.m. ET, Finzer said OpenSea was now certain that the attack did not come from the firm's system.

Rising interest rates, inflation, and market volatility are on the horizon. You don’t want to miss out on this exclusive opportunity to unlock Action Alerts PLUS at our lowest price of the year.