OpenSea Users Were Stolen $1.7M
On February 19, it was reported that NFT collectors were losing NFTs and Ethereum from their wallets. OpenSea has now confirmed that the incident was the result of a phishing scam, in which over $1.7 million in assets were transferred to the malicious wallet.
Although the malicious wallet began making transactions in December, reports of phishing activity only started yesterday. This wallet has also been in contact with another wallet that has been identified as a victim of this phishing scam.
After working with the victims, the teams and many other projects across NFT space, CEO OpenSea Devin Finzer stated on his Twitter:
“We have confidence that this was a phishing attack. We don’t know where the phishing occurred, but we’ve been able to rule out a number of things based on our conversations with the 32 affected users.”
“This attack did not originate on http://opensea.io. Interaction with an OpenSea email is not a vector for attack. In fact, we are not aware of any of the affected users receiving or clicking links in suspicious emails. Minting, buying, selling, or listing items using http://opensea.io is not a vector for the attack.
“In particular, signing the new smart contract (the Wyvern 2.3 contract) is not a vector for the attack. Using the listing migration tool on OpenSea to migrate listings to the new Wyvern 2.3 contract is not a vector for the attack. Clicking on our site banner is also not a vector for the attack,” he added, “We’re actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures.”
The CEO of OpenSea also confirmed that a Twitter thread by user Neso is “consistent” with his understanding of what happened. Those who lost assets, according to Neso, signed half of a valid wyvern order, which is a decentralized exchange protocol for asset transfers.
The investigation is still ongoing, and no final conclusion has been made regarding this phishing scam.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join CoinCu Telegram to keep track of news: https://t.me/coincunews