• OpenSea phishing attack results in users losing $1.7 million worth of NFTs

    by on February 21, 2022 at 5:00 PM, EST

    OpenSea phishing attack

    A recent OpenSea phishing attack via a smart contract exploit by a malicious user on the popular NFT marketplace OpenSea resulted in 17 users losing over 250 NFTs.

    The total fiat value of the stolen JPEGs is estimated to be over $1.7 million, which were then flipped after the OpenSea phishing attack by the hacker for approximately $2.9 million, according to the blog Web3 Is Going Great.

    Blockchain cybersecurity company PeckShield put together a spreadsheet with a list of the NFTs stolen. The list includes four Bored Ape Yacht Club (BAYC) NFTs, two Decentraland NFTs, and several NFTs from Azuki and NFT Worlds, among other variations of apes, dogs, monkeys, punks, and cats.

    After an investigation, it was determined that the theft was enabled by a phishing attempt that tricked 17 users into signing a smart contract that would approve transfers of the NFTs into the hacker’s wallet.

    This means the exploit wasn’t caused by any vulnerabilities related to the OpenSea platform a silver lining for the company with a valuation over $13 billion. However, news of the exploit appeared to cause a decrease in Ethereum and Bitcoin’s dollar value, which is a net negative for the crypto community at large.

    In the past, OpenSea has reimbursed users financially affected by issues with their platform, such as the time earlier this year when a UI issue caused some NFTs to be sold well below their market value.

    However, the fact that this was a phishing attack that didn’t exploit any vulnerabilities with the platform itself means that the marketplace has no obligation to compensate the victims. Instead, CEO Devin Finzer tweeted that users should be careful and only interact with smart contracts from the official OpenSea URL.

    Interestingly, claims are circulating that some of the victims were given back a few stolen NFTs, as well as one user having claimed to receive 50 ETH (approx $130,000 at time of writing) back from the hacker.

    This would mimic other high-profile crypto heists like the Poly Network hack in August 2021 where the criminals would attempt to redistribute some of their loot either to curry favor with the greater community or to increase their notoriety.

    However, it’s unlikely that these antics will amuse many existing members of the NFT/Web3 community— and it’s even less likely to attract new users from an increasingly harsh and critical audience.

    At best, this story will provide spectators with schadenfreude as they point and laugh at the misguided optimists, brazen grifters, and unscrupulous corporations that currently make up the community, further reinforcing their biases against technology that could provide a promising future for many stagnant industries.

    This is Niche Gamer Tech. In this column, we regularly cover tech and things related to the tech industry. Please leave feedback and let us know if there’s tech or a story you want us to cover!


    About

    Michael Valverde is a freelance writer and editor. His favorite video game is Half-Life.


    Where'd our comments go? Subscribe to become a member to get commenting access and true free speech!