OpenSea Scammers Went Phishing and Caught Over 250 NFTs From 17 Users

Scammers made off with 254 NFTs, including a few Bored Ape Yacht Club NFTs, according to data from blockchain security firm PeckShield


Blockworks Exclusive art by axel rangel


key takeaways

  • “This attack did not originate on [OpenSea],” the company’s CEO and co-founder said
  • Last week, OpenSea launched a customer service server to mitigate risk of fraudsters pretending to be members of the company’s staff

NFT traders Monday were parsing the aftermath of an OpenSea phishing attack that resulted in hundreds of NFTs being stolen over the weekend.

The attack appears to be over, with 17 victims, a revision from the 32 people originally thought to be affected, according to OpenSea.

“This attack did not originate on [OpenSea],” Devin Finzer, CEO and co-founder, wrote in a series of tweets. The company is working with users as it aims to uncover who is responsible, Finzer said.

Finzer dismissed reports of the attack being worth over $200 million and said the hacker had $1.7 million of ether in their wallet, confirmed by Etherscan records.

An OpenSea spokesperson declined to comment further and referred Blockworks to the company’s tweets.

OpenSea is the largest NFT (non-fungible token) marketplace by trading volume and has over 80 million NFTs across two million collections. The platform had $70.78 million in Ethereum-based volume on Monday, down 58% from $169.26 million a month ago, according to data by Dune Analytics user rchen8.

The hacker made off with 254 NFTs during the attack, including a few Bored Ape Yacht Club NFTs, according to a spreadsheet by blockchain security firm PeckShield. The most NFTs stolen during the phishing attack were 37 Azukis, according to data by Dune Analytics user Jelilat.

The users authorized the “migration” as instructed in the phishing email, and the authorization allowed the hacker to steal the NFTs, PeckShield tweeted.

As such, the malicious orders were all backed by valid signatures from users who fell for the phishing scam, Nadav Hollander, OpenSea’s chief technology officer tweeted Sunday.

The attacker had users connect their crypto wallets to a fraudulent site, according to reports, where they signed approvals with Wyvern Exchange to give the attacker control of their NFTs. 

Wyvern Exchange is a decentralized crypto exchange on the Wyvern Protocol that interacts with the Ethereum blockchain.

“The attacker appears to have exploited users by having them sign a fraudulent signature to approve a private sale of [their] NFT at 0 ETH to the attacker’s wallet,” The OpenDAO wrote in a post. “Unfortunately nobody ever reads what they signed.”

Phishing scams often occur through text messages or emails with deceptive messages, ads or sites that look legitimate. While scams happen across industries, some community members call it a mistake for OpenSea to use email in general.

The co-founder of Pixel Vault, who goes by the pseudonym Beanie, called email “an archaic way to communicate” that “opens up even sophisticated users to risk of being exploited through phishing scams.

“The OpenSea email alert system never really worked anyhow, as it was overrun with spam,” Beanie tweeted.

While messaging platforms such as Discord or Blockscan Chat allow users to log in with Ethereum addresses to message wallet-to-wallet, there are limited new avenues for companies to communicate with their users.

Last week, OpenSea launched a customer service server with Web3 communications platform Metalink to mitigate the risk of fraudsters pretending to be members of the company’s staff, Blockworks reported.

“Our goal is to create a direct channel for you to interact with OpenSea to get support, offer feedback, receive updates, and to share any other information that will help us better serve you,” Stevey Tromberg, OpenSea’s head of community, said in a statement

The partnership was created after alleged scammers previously impersonated OpenSea’s employees to deceive other NFT owners in its Discord chat, which resulted in them losing millions of dollars.

“NFT communities deserve a safe and secure place where they can connect and thrive,” Jake Udell, the founder of Metalink, said.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Unlocked by Template.png


With the spot ETH ETF approval, the institutions are coming. stETH - given its dominance in marketshare, existing liquid market structures, and highly desirable properties - is poised for institutions.


Launching cryptocurrencies the old fashioned way may soon make a return


Kraken and CertiK brought their beef to social media after Kraken said researchers exploited $3 million through a bug


NVIDIA’s historic run is only deepening the divide between mega-cap tech stocks and the rest of the market.


EIP-7702 was quickly adopted for the next Ethereum upgrade, but developers haven’t quite locked it down