The world’s largest NFT (non-fungible token) marketplace, OpenSea, has been hit by a phishing attack. On Sunday, the news was confirmed, which says, at least 32 users had lost NFTs worth $1.7 Million.
NFTs worth millions of dollars were being stolen from the OpenSea user’s accounts. The company is investigating the attack, and it is said that the phishing attack is done from outside the OpenSea website.
The Co-Founder and CEO of OpenSea, Devin Finzer, noticed the attack and confirmed the loss of NFTs.
Attackers Have $1.7 Million of ETH (Ethereum)
There were rumors that there was a $200 million hack, but it is not valid; the attackers have stolen $1.7 million of ETH (Ethereum).
The hackers targeted a series of NFTs on OpenSea, from popular collections like Bored Ape Yacht Club, Mutant Ape Yacht Club, and others.
The NFTs that were targeted were the ones who were about to get delisted from the platform once it is migrated to a new smart contract from the old Ethereum blockchain.
However, the NFT marketplace is yet to figure out the cause of the attack. The investigator Peckshield claimed the attackers might have got the user’s information, including email ids.
According to the reports by The Vice points, the attackers were able to transfer numerous NFTs to their own addresses. After selling a few of the NFTs, the attacker’s wallet has more than 600 Ethereum worth $1.7 million.
The Co-Founder, Devin acknowledged the attack via tweet. At that time, a total of 32 users were the victims of a phishing attack. However, the latest update by the company says 17 users are affected.
Importantly, rumors that this was a $200 million hack are false. The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
The company shows the drop in numbers within the tweet. The original count “included the ones who had interacted with the attacker.” And the recent count represents the actual victims of the phishing attack.
OpenSea shared that the attack is not active now. According to the investigation reports, there is no activity on the malicious contract for around 15 hours.