OpenSea Scammers Went Phishing and Caught Over 250 NFTs From 17 Users

Scammers made off with 254 NFTs, including a few Bored Ape Yacht Club NFTs, according to data from blockchain security firm PeckShield

article-image

Blockworks Exclusive art by axel rangel

share

key takeaways

  • “This attack did not originate on [OpenSea],” the company’s CEO and co-founder said
  • Last week, OpenSea launched a customer service server to mitigate risk of fraudsters pretending to be members of the company’s staff

NFT traders Monday were parsing the aftermath of an OpenSea phishing attack that resulted in hundreds of NFTs being stolen over the weekend.

The attack appears to be over, with 17 victims, a revision from the 32 people originally thought to be affected, according to OpenSea.

“This attack did not originate on [OpenSea],” Devin Finzer, CEO and co-founder, wrote in a series of tweets. The company is working with users as it aims to uncover who is responsible, Finzer said.

Finzer dismissed reports of the attack being worth over $200 million and said the hacker had $1.7 million of ether in their wallet, confirmed by Etherscan records.

An OpenSea spokesperson declined to comment further and referred Blockworks to the company’s tweets.

OpenSea is the largest NFT (non-fungible token) marketplace by trading volume and has over 80 million NFTs across two million collections. The platform had $70.78 million in Ethereum-based volume on Monday, down 58% from $169.26 million a month ago, according to data by Dune Analytics user rchen8.

The hacker made off with 254 NFTs during the attack, including a few Bored Ape Yacht Club NFTs, according to a spreadsheet by blockchain security firm PeckShield. The most NFTs stolen during the phishing attack were 37 Azukis, according to data by Dune Analytics user Jelilat.

The users authorized the “migration” as instructed in the phishing email, and the authorization allowed the hacker to steal the NFTs, PeckShield tweeted.

As such, the malicious orders were all backed by valid signatures from users who fell for the phishing scam, Nadav Hollander, OpenSea’s chief technology officer tweeted Sunday.

The attacker had users connect their crypto wallets to a fraudulent site, according to reports, where they signed approvals with Wyvern Exchange to give the attacker control of their NFTs. 

Wyvern Exchange is a decentralized crypto exchange on the Wyvern Protocol that interacts with the Ethereum blockchain.

“The attacker appears to have exploited users by having them sign a fraudulent signature to approve a private sale of [their] NFT at 0 ETH to the attacker’s wallet,” The OpenDAO wrote in a post. “Unfortunately nobody ever reads what they signed.”

Phishing scams often occur through text messages or emails with deceptive messages, ads or sites that look legitimate. While scams happen across industries, some community members call it a mistake for OpenSea to use email in general.

The co-founder of Pixel Vault, who goes by the pseudonym Beanie, called email “an archaic way to communicate” that “opens up even sophisticated users to risk of being exploited through phishing scams.

“The OpenSea email alert system never really worked anyhow, as it was overrun with spam,” Beanie tweeted.

While messaging platforms such as Discord or Blockscan Chat allow users to log in with Ethereum addresses to message wallet-to-wallet, there are limited new avenues for companies to communicate with their users.

Last week, OpenSea launched a customer service server with Web3 communications platform Metalink to mitigate the risk of fraudsters pretending to be members of the company’s staff, Blockworks reported.

“Our goal is to create a direct channel for you to interact with OpenSea to get support, offer feedback, receive updates, and to share any other information that will help us better serve you,” Stevey Tromberg, OpenSea’s head of community, said in a statement

The partnership was created after alleged scammers previously impersonated OpenSea’s employees to deceive other NFT owners in its Discord chat, which resulted in them losing millions of dollars.

“NFT communities deserve a safe and secure place where they can connect and thrive,” Jake Udell, the founder of Metalink, said.


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

HYATT REGENCY SALT LAKE CITY

TUES, OCT. 8, 2024

Guided by the expertise of Blockworks Research Analysts team, this one day event will feature senior leaders, entrepreneurs, and developers from across the crypto industry. Attendees will have the opportunity to participate in an immersive experience to explore the latest trends, […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

avaxcover.png

Research

The Avalanche Network is well on its way to becoming the best platform to build high-performance blockchains that can seamlessly interact with each other, and the strong focus on performant and scalable blockchains will likely be Avalanche’s competitive advantage.

article-image

Assets under management in global crypto ETPs broke the $100 billion mark for the first time amid BTC price increases and persistent inflows

article-image

Bitcoin and ether stay flat post-selloff as SOL fans brace for a new all-time high

article-image

For the first time ever, Bitcoin’s halving comes right after a new all-time high

article-image

The company unveiled its research platform upgrades during the first day of Blockworks’ Digital Asset Summit in London

article-image

With this launch, Blockworks Research consolidates hundreds of features into one subscription model

article-image

After the capital infusion led by Jump Crypto, Pantera Capital and Lightspeed Faction, Figure also seeks to offer a registered security alternative to stablecoins