$1.7M in NFTs stolen in OpenSea phishing attack
Discovered on Saturday
On Saturday night, OpenSea shared that it was investigating a phishing scam targeting users on its platform, quickly causing fear amongst the community.
"We are actively investigating rumors of an exploit associated with OpenSea related smart contract. This appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of opensea.io." OpenSea shared on Twitter.
According to a spreadsheet compiled by the blockchain security service PeckShield, 32 users were targeted between 5 PM and 8 PM EST, resulting in 254 NFTs being stolen.
While it might seem like these numbers wouldn’t make a big impact on the marketplace, the attackers stole primarily high-value NFTs from collections such as Bored Ape Yacht Club, Decentraland, Doodles, Azuki, and many others, valued at an estimated total of $1.7 million.
OpenSea CEO Devin Finzer on Twitter described that the phishing attack targeted signed partial contracts that had general authorization but had large portions of the contract left blank. Finzer continued by explaining that with signatures in place, the attackers were able to complete the contract with just a call to their own contracts, transferring the ownership of the NFTs without any payments.
For more from us at Waivly, join our free fun-to-read and to-the-point newsletter enjoyed by hundreds of people across the internet every day of the week 👇