OpenSea Scammers Went Phishing and Caught Over 250 NFTs From 17 Users

Scammers made off with 254 NFTs, including a few Bored Ape Yacht Club NFTs, according to data from blockchain security firm PeckShield


Blockworks Exclusive art by axel rangel


key takeaways

  • “This attack did not originate on [OpenSea],” the company’s CEO and co-founder said
  • Last week, OpenSea launched a customer service server to mitigate risk of fraudsters pretending to be members of the company’s staff

NFT traders Monday were parsing the aftermath of an OpenSea phishing attack that resulted in hundreds of NFTs being stolen over the weekend.

The attack appears to be over, with 17 victims, a revision from the 32 people originally thought to be affected, according to OpenSea.

“This attack did not originate on [OpenSea],” Devin Finzer, CEO and co-founder, wrote in a series of tweets. The company is working with users as it aims to uncover who is responsible, Finzer said.

Finzer dismissed reports of the attack being worth over $200 million and said the hacker had $1.7 million of ether in their wallet, confirmed by Etherscan records.

An OpenSea spokesperson declined to comment further and referred Blockworks to the company’s tweets.

OpenSea is the largest NFT (non-fungible token) marketplace by trading volume and has over 80 million NFTs across two million collections. The platform had $70.78 million in Ethereum-based volume on Monday, down 58% from $169.26 million a month ago, according to data by Dune Analytics user rchen8.

The hacker made off with 254 NFTs during the attack, including a few Bored Ape Yacht Club NFTs, according to a spreadsheet by blockchain security firm PeckShield. The most NFTs stolen during the phishing attack were 37 Azukis, according to data by Dune Analytics user Jelilat.

The users authorized the “migration” as instructed in the phishing email, and the authorization allowed the hacker to steal the NFTs, PeckShield tweeted.

As such, the malicious orders were all backed by valid signatures from users who fell for the phishing scam, Nadav Hollander, OpenSea’s chief technology officer tweeted Sunday.

The attacker had users connect their crypto wallets to a fraudulent site, according to reports, where they signed approvals with Wyvern Exchange to give the attacker control of their NFTs. 

Wyvern Exchange is a decentralized crypto exchange on the Wyvern Protocol that interacts with the Ethereum blockchain.

“The attacker appears to have exploited users by having them sign a fraudulent signature to approve a private sale of [their] NFT at 0 ETH to the attacker’s wallet,” The OpenDAO wrote in a post. “Unfortunately nobody ever reads what they signed.”

Phishing scams often occur through text messages or emails with deceptive messages, ads or sites that look legitimate. While scams happen across industries, some community members call it a mistake for OpenSea to use email in general.

The co-founder of Pixel Vault, who goes by the pseudonym Beanie, called email “an archaic way to communicate” that “opens up even sophisticated users to risk of being exploited through phishing scams.

“The OpenSea email alert system never really worked anyhow, as it was overrun with spam,” Beanie tweeted.

While messaging platforms such as Discord or Blockscan Chat allow users to log in with Ethereum addresses to message wallet-to-wallet, there are limited new avenues for companies to communicate with their users.

Last week, OpenSea launched a customer service server with Web3 communications platform Metalink to mitigate the risk of fraudsters pretending to be members of the company’s staff, Blockworks reported.

“Our goal is to create a direct channel for you to interact with OpenSea to get support, offer feedback, receive updates, and to share any other information that will help us better serve you,” Stevey Tromberg, OpenSea’s head of community, said in a statement

The partnership was created after alleged scammers previously impersonated OpenSea’s employees to deceive other NFT owners in its Discord chat, which resulted in them losing millions of dollars.

“NFT communities deserve a safe and secure place where they can connect and thrive,” Jake Udell, the founder of Metalink, said.

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

MON - WED, MARCH 18 - 20, 2024

Digital Asset Summit (DAS) is returning March 2024. What you can expect: And more! Don’t miss out on the opportunity to be in the room when the future of crypto is decided. Join us and help shape the future of our […]

recent research

Research report - cover graphics-2.jpg


Base has doubled-down on its commitment to the Superchain vision, has shown early signs of success with nearly $400M in TVL, and has become home to novel dapps such as which has seen significant traction.


Their current stance is a half-baked attempt that could stifle innovation and burden an emerging industry


Maker’s DeFi-focused “subDAO” passed a proposal activating a lending market for DAI on the Gnosis Chain


Certain creditors could be repaid sooner, with one hedge fund exec telling Blockworks it expects a payout by the end of the year


Busan is South Korea’s second largest city with a population around 3.4 million


Cyprus granted eToro crypto registration, setting the groundwork for the company to operate crypto services post-MiCa rollout



These are the best tools and practices you can leverage to defend against crypto market volatility