OpenSea: $1.7 Million in NFTs Stolen in a Phishing Attack on Users

32 users had NFTs stolen over a relatively short time period

Cybercrimes are rising, and NFTs are not untouched by it. On Saturday, hundreds of NFTs were stolen from OpenSea users, and it caused a late-night panic among all the users of the popular website. According to reliable data, about two hundred and fifty-four tokens were stolen from 32 users in the attack that lasted over roughly three hours- from 5 PM to 8 PM ET. The worth of the stolen tokens could be over $1.7 million.

It is possible that the attack exploited flexibility in the Wyvern Protocol, which is the open-source standard that underlies most of the NFT smart contracts. It is also used on OpenSea. One possible explanation of the attack that was linked by Devin Finzer, the CEO on Twitter, says that the attack likely happened in two parts. First, targets signed a partial contract with many blank portions and general authorization. Secondly, the attackers completed the contract and transferred the ownership of NFTs without payment.

To keep it simple- the attack signed a blank check and transferred the NFTs. One of the users of OpenSea, who was a victim of the attack and went by Neso, said, “They all have valid signatures from the people who lost NFTs, so anyone claiming they didn’t get phished but lost NFTs is sadly wrong.”

OpenSea is one of the most valuable companies in the world of cryptocurrencies and non-fungible tokens. It was last valued at $13 billion. OpenSea allows people to list, browse, and bid on tokens without the need to interact directly with the blockchain. The website was in the process of updating the contract system when the attack occurred. The company denied that the attack originated with the new contracts, which seems true as a flaw in the broader platform would have meant an attack of a larger scale.

After the attack on OpenSea, something unusual has also happened. Reports are coming in that hackers are giving some of the NFTs back. In one such incident, the hacker stole many NFTs from a user and gave most of them back (except the BAYC NFT that holds a lot of value right now).