OpenSea CEO Devin Finzer is confident, after talking to people, teams, and projects in the NFT space, that users’ NFT losses did not originate on opensea.io but from third-party websites.
The largest Ethereum NFT marketplace experienced a phishing attack on Saturday evening. Some users claimed losses of Cool Cats and Doodle collections.
CEO Devin Finzer said in a tweet, “As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.” Some NFT owners were duped into transferring their NFTs into another wallet. Etherscan shows that a balance of 641 ETH now exists in the trickster’s Ethereum wallet.
Finzer refuted claims that this hack amounted to $200M in lost NFTs. He advised those who want to protect themselves from this attack can “un-approve” access to their NFTs on OpenSea.
Finzer advised users to ensure that they are on opensea.io when signing messages.
Not a good few months for OpenSea
OpenSea recently requested customers to migrate their NFTs to a new smart contract on Fri., Feb. 20, 2021. This migration was meant to mitigate the user interface bug on OpenSea’s website that allowed NFTs to be listed at a fraction of their current price and then sold at a profit by at least three perpetrators.
OpenSea’s recent user interface issue caused $1.8M in NFTs to be lost, which OpenSea reimbursed. Users who had transferred their NFTs to new wallets without canceling their old listings saw their NFTs sold for the price of the old listings. OpenSea claimed that the occurrence was “not an exploit or a bug” but rather an issue that arises because of the nature of the blockchain. On Friday, Feb. 25, 2021, all listings still on old smart contracts will expire. If the migration deadline is missed, one can still relist without incurring gas fees. Before that, users are guided via an instructional video on migrating their listings.
CEO reassures OpenSea users
Finzer said on Twitter that the following were not vectors for the attack: using the new migration tool, minting, buying, selling, or listing NFTs using opensea.io, interaction with an OpenSea email, and clicking on the site banner. Finzer said that OpenSea is working with users whose items were stolen to narrow down a set of common websites that they visited that could have been responsible for the malicious signatures. He reassured users, “We have confidence this is not a phishing attack.” OpenSea’s Twitter says, “We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of opensea.io.”
What do you think about this subject? Write to us and tell us!
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.