OpenSea loses USD 1.7 million dollars in NFT by phishing attack

US non-fungible token (NFT) marketplace OpenSea recorded a ‘phishing’ attack last weekend, resulting in nearly $2 million worth of NFT being stolen in just three hours.

OpenSea co-founder and CEO Devin Finzer explained that the attacks on these personal accounts on OpenSea were external to the platform and did not originate internally.

“As far as we know, this is a ‘phishing’ attack. We don’t believe it is related to the company’s website. It appears that so far 32 users have signed a malicious payload from an attacker and some of their NFTs have been stolen”, he indicated via Twitter.

In this case, the attacker violated the wyvern protocol, an open source standard used by different platforms, including this NFT market, to support trading contracts for these assets.

This indicates that he would have modified these agreements to impersonate the platform and deceive the victims, whom he urged to share information and approve partial contracts for their accounts. In this way, one part of the contract was signed by the victim and the other by the attacker pretending to be OpenSea.

Once signed, he filled in the missing data with the NFTs he wanted to steal from the original users and tied them to his own contract to transfer non-fungible tokens.

As pointed out by the blockchain security and data analysis company PeckShield, during the attack 254 tokens from different collections were seized, causing a theft valued at 1.7 million dollars. Among the accounts on this list are some of the most valuable today, such as Bored Ape Yacht Club.

K. Tovar

Source: Xataka