NFT marketplace OpenSea hit by phishing attack, NFTs worth $1.7 million in ETH stolen
The world’s largest NFT marketplace OpenSea last Sunday (20 February) confirmed that it has been hit by a phishing attack. OpenSea co-founder and CEO Devin Finzer, however, insists that the attack is not connected to the OpenSea website.
He did acknowledge that 32 OpenSea users lost some of their NFTs so far. These users “signed a malicious payload from an attacker” and had their NFTs stolen, Finzer said.
“The attacker has $1.7 million in ETH in his wallet from selling some of the stolen NFT,” he stated. However, he denied rumours that this was a $200 million hack.
Not long after, Finzer then posted a tweet saying: “The attack doesn’t appear to be active at this point - we haven’t seen any malicious activity from the attacker’s account in 2 hours. Some of the NFTs have been returned.”
According to Gizmodo, the attack occurred during OpenSea’s migration to its new smart contract system, which began on Friday (18 February) and is set to complete by 25 February. The new upgraded contract system aims to fix issues related to inactive listings.
On Monday (21 February), Opensea announced that they have narrowed down the list of impacted individuals from 32 to 17. “Our original count included anyone who had ‘interacted’ with the attacker, rather than those who were victims of the phishing attack,” the company tweeted.
Meanwhile, as reported by Decrypt, former Bored Ape NFT owner Timothy McKimmy just recently filed a $1 million lawsuit against OpenSea, alleging that the platform actually knew about the bug which allowed hackers to buy NFTs for far below market price, but it refused to halt trading in the interest of profits.
In the lawsuit, McKimmy claims that he is the rightful owner of Bored Ape #3475. He said that he did not list his Bored Ape NFT, yet it was stolen and the hacker promptly resold it for only 99 ETH ($250,000 at today's prices). He said the #3475 Bored Ape NFT is in the top 14th percentile when it comes to rarity, and is significantly more rare than the Bored Ape NFT Justin Bieber recently purchased for $1.3 million.
OpenSea said that it has not yet determined the exact source of the attack and will continue to investigate this incident.