A hacker stole high-value NFTs from OpenSea users

A hacker is stealing and skimming high-value NFTs from users on OpenSea, the world's largest NFT exchange, causing chaos and confusion in the broader NFT community.

The exact mechanism of the hack is currently unknown, but OpenSea placed a red banner at the top of its site Saturday night saying, “We are actively investigating rumors of an exploit associated with OpenSea-related smart contracts. This appears to be a phishing attack that originated outside the OpenSea website.”

OpenSea is currently asking users who list NFTs on the site to upgrade to a new smart contract. The new contract addresses the problem of inactive listings, which had allowed fraudsters to take valuable NFTs from collectors on OpenSea at a low cost. Some prominent NFT users are now speculating that a malicious actor is phishing people with fake pages designed to look like the ones used to upgrade to this contract.

Blockchain logs show that the attacker was able to transfer several NFTs from different users to their own address for free. The stolen NFTs included items from Bored Ape Yacht Club, Mutant Ape Yacht Club, and many other popular collections. The attacker has already sold some of the NFTs, for example an NFT from the Azuki collection for 13.4 ETH. The attacker’s wallet currently contains more than 600 ETH, worth approximately $2 million.

There are indications that the intruder returned some of the items they obtained illegally. In one case, the hacker stole several NFTs from a single user, including a BAYC NFT. The hacker has returned all of the NFTs except for the BAYC, which is currently frozen on OpenSea. The attacker's marketplace page currently appears as a 404.

Security researcher Dan Guido tweeted Saturday night that “the security of Web3 platforms depends entirely on wallets with globally poor security UX, and there is very little that platforms can do about it.”
