• “This attack did not originate on [OpenSea],” the company’s CEO and co-founder said
  • Last week, OpenSea launched a customer service server to mitigate risk of fraudsters pretending to be members of the company’s staff

NFT traders Monday were parsing the aftermath of an OpenSea phishing attack that resulted in hundreds of NFTs being stolen over the weekend.

The attack appears to be over, with 17 victims, a revision from the 32 people originally thought to be affected, according to OpenSea.

“This attack did not originate on [OpenSea],” Devin Finzer, CEO and co-founder, wrote in a series of tweets. The company is working with users as it aims to uncover who is responsible, Finzer said.

Finzer dismissed reports of the attack being worth over $200 million and said the hacker had $1.7 million of ether in their wallet, confirmed by Etherscan records.

An OpenSea spokesperson declined to comment further and referred Blockworks to the company’s tweets.

OpenSea is the largest NFT (non-fungible token) marketplace by trading volume and has over 80 million NFTs across two million collections. The platform had $70.78 million in Ethereum-based volume on Monday, down 58% from $169.26 million a month ago, according to data by Dune Analytics user rchen8.

The hacker made off with 254 NFTs during the attack, including a few Bored Ape Yacht Club NFTs, according to a spreadsheet by blockchain security firm PeckShield. The most NFTs stolen during the phishing attack were 37 Azukis, according to data by Dune Analytics user Jelilat.

The users authorized the “migration” as instructed in the phishing email, and the authorization allowed the hacker to steal the NFTs, PeckShield tweeted.

As such, the malicious orders were all backed by valid signatures from users who fell for the phishing scam, Nadav Hollander, OpenSea’s chief technology officer tweeted Sunday.

The attacker had users connect their crypto wallets to a fraudulent site, according to reports, where they signed approvals with Wyvern Exchange to give the attacker control of their NFTs. 

Wyvern Exchange is a decentralized crypto exchange on the Wyvern Protocol that interacts with the Ethereum blockchain.

“The attacker appears to have exploited users by having them sign a fraudulent signature to approve a private sale of [their] NFT at 0 ETH to the attacker’s wallet,” The OpenDAO wrote in a post. “Unfortunately nobody ever reads what they signed.”

Phishing scams often occur through text messages or emails with deceptive messages, ads or sites that look legitimate. While scams happen across industries, some community members call it a mistake for OpenSea to use email in general.

The co-founder of Pixel Vault, who goes by the pseudonym Beanie, called email “an archaic way to communicate” that “opens up even sophisticated users to risk of being exploited through phishing scams.

“The OpenSea email alert system never really worked anyhow, as it was overrun with spam,” Beanie tweeted.

While messaging platforms such as Discord or Blockscan Chat allow users to log in with Ethereum addresses to message wallet-to-wallet, there are limited new avenues for companies to communicate with their users.

Last week, OpenSea launched a customer service server with Web3 communications platform Metalink to mitigate the risk of fraudsters pretending to be members of the company’s staff, Blockworks reported.

“Our goal is to create a direct channel for you to interact with OpenSea to get support, offer feedback, receive updates, and to share any other information that will help us better serve you,” Stevey Tromberg, OpenSea’s head of community, said in a statement

The partnership was created after alleged scammers previously impersonated OpenSea’s employees to deceive other NFT owners in its Discord chat, which resulted in them losing millions of dollars.

“NFT communities deserve a safe and secure place where they can connect and thrive,” Jake Udell, the founder of Metalink, said.


Get the day’s top crypto news and insights delivered to your inbox every evening. Subscribe to Blockworks’ free newsletter now.


  • Jacquelyn Melinek is a New York-based reporter covering funding, decentralized finance (DeFi) and decentralized autonomous organizations (DAOs). She previously reported on energy markets for S&P Global Platts and Bloomberg News and is published in over 65 news outlets. She graduated from the University of North Carolina at Chapel Hill with a degree in Media and Journalism. Contact Jacquelyn via email at [email protected]