A phishing attack targeting OpenSea users during a contract update on the platform results in the theft of over 250 NFTs valued at $2.9 million.

Users of OpenSea, the largest non-fungible token (NFT) marketplace in the crypto industry, have suffered a phishing attack that led to the theft of 254 NFTs, currently valued at around $2.9 million.

Devin Finzer, co-founder and CEO of OpenSea, acknowledged the attack on his Twitter account, following several reports published by researchers and cybersecurity firms, such as PeckShield Inc. Finzer indicated that the attack does not seem to be directly related to the OpenSea platform, but rather that users of the NFT marketplace are falling victim to phishing through fake emails, which look like authentic OpenSea emails but only seek to scam users.

OpenSea, which recently announced a smart contract upgrade, asked NFT holders on Ethereum to migrate their digital assets to a new contract on the network. The migration process, which was supposed to take a week, opened a security gap that malicious actors exploited to trick unsuspecting users and steal their NFTs.

Phishing OpenSea users

NFT marketplace users are reportedly receiving an email containing fake information and a malicious link that directs users to access the new Ethereum smart contract to migrate their NFTs without gas fees. By authorizing the migration from the fake email, users are allowing hackers to access their NFTs, PeckShield Inc. said.

254 NFTs stolen in phishing attack

The blockchain security and analysis company published a list of the NFTs stolen during the phishing attack on OpenSea users. It also noted that the attackers are using the Tornado Cash mixing platform to launder 1,100 ETH (about $2.9 million) obtained from the sale of the NFTs related to the attack.

Part of the list of NFTs stolen from users of the OpenSea marketplace.
Source: PeckShield Inc.

The stolen NFTs include more than two dozen non-fungible tokens from the Azuki crypto collection, one of the most traded on the NFT market in recent weeks. NFTs from the Bored Ape Yacht Club (BAYC), Mutant Ape Yacht Club (MAYC), Cool Cats, and even Ethereum Name Service (ENS) collections have also been stolen. 

The current minimum selling price for Azuki collection NFTs is 13.5 ETH (currently around $35,740), while the minimum selling price for BAYC and MAYC NFTs is 92 ETH and 18.9 ETH (around $243,600 and $50,000), respectively.

Safety recommendations

In his latest update at the time of writing, Finzer indicated that the account involved in the attack appears to be inactive, at least in the last few hours, and that some of the users have received back their stolen NFTs. However, the OpenSea CEO recommends that users be wary and not interact with emails or websites other than Opensea.io, and that they head to the official OpenSea Support Twitter account if they have been a victim of the phishing attack. He also recommends that users revoke access approval and permissions granted to NFTs until the issue has been discovered and resolved.

OpenSea developers are still investigating the attack and will publish a detailed report on what happened soon. Meanwhile, Finzer denied that it was a direct exploit of the NFT marketplace. Initially, rumors indicated a $200 million hack of the platform, which turned out to be false, as Finzer explained in a Twitter thread. In addition to this, OpenSea CTO Nadav Hollander noted that the phishing attack appears to have been executed before the contract migration began, although it is still unknown on which platform users may have been tricked.
