Home > Cyber News > OpenSea Phishing Attack Results in Loss of $3 Million in NFTs

OpenSea Phishing Attack Results in Loss of $3 Million in NFTs

OpenSea smart contracts nfts-sensorstechforum

An NFT-related cybersecurity incident involving the OpenSea NFT marketplace took place over the weekend. Apparently, threat actors exploited a smart contract migration to deceit 17 users, resulting in a loss of nearly 3 million dollars worth of NFTs (non-fungible tokens).

OpenSea Hack: What Happened?

On February 19, hackers emptied the wallets of 17 users. One of the possible reasons is “a new contract that OpenSea had rolled out, or an airdrop from a new NFT marketplace called X2Y2.” As a result, NFT owners were urged to revoke permissions for both the OpenSea contract and for X2Y2 until more details were revealed, although one of the most popular websites helping people do so went down shortly after from the high traffic, according to a post dedicated to the incident.

Shortly after the incident, users started reporting missing NFTs, and the platform acknowledged the issue, tweeting about the issue. According to the tweet, they initiated an investigation regarding an exploit associated with smart contracts related to OpenSea. Apparently, a phishing attack is to blame, coming from outside of the platform, rather than an issue with the contract itself. Later, it was determined that a threat actor had successfully phished 17 OpenSea users into signing a malicious contract, allowing him to take the NFTs and then flip them.

What is strange is that the hacker returned some of the non-fungible tokens to their original owners. Moreover, one of the victims even received 50 ETH, or $130,000 from the hacker in addition to some of his stolen NFTs. The hacker later transferred 1,115 ETH obtained from the attack to a cryptocurrency tumbler, equaling to $2.9 million.

The Risk of Smart Contracts and NFTs

Smart contracts are fundamental to the design of NFT tokens. However, they also create security loopholes in the existing NFT market. We have another real-world example to illustrate these risks – an attack against DeFi-based Poly Network. In this attack, threat actors stole nearly $600 million. You can learn more about the risks stemming from non-fungible tokens in our dedicated article.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree