NFT Investors Lose $1.7M in OpenSea Phishing Attack

On Saturday, a phishing scam targeted 17 NFT investors of OpenSea, one of the major NFT markets, according to the company. The attack apparently resulted in the theft of over 250 NFTs worth at least $1.7 million.

A nonfungible token, or NFT, is a way of proving ownership of a digital asset. NFTs linked to digital art have been increasingly popular in recent months, thanks to the involvement of high-profile personalities.  The attacker, or attackers, stole NFTs from OpenSea users over a 3-hour window on Saturday by compromising the underlying programming that allows NFTs to be put up for sale.

OpenSea tweeted late Sunday that the attack never seemed to be active, with the most recent action 15 hours previous. Nadav Hollander, the CTO of OpenSea, also provided a technical breakdown of the phishing attack.

See Also: The Critical Role Of 5G In Healthcare Transformation

Phishing attacks are frequently carried out using emails that contain harmful links and fraudulently seem to be of a company. It’s still unknown how OpenSea customers were lured into the phishing operation. According to Hollander, “it appears the attack was launched from outside OpenSea.”

While the identity of the wallet’s owner can be hidden in digital wallets used to keep NFTs, the transfers of digital products on a blockchain are normally public. As a result, anyone with technical knowledge can track the NFTs from wallet to wallet.

“The attacker has $1.7 million in ETH in his wallet from the sale of part of the stolen NFTs,” stated OpenSea CEO Devin Finzer on Twitter after the hack on Saturday. Some of the NFTs appear to have been returned to their original owners by the hacker.

OpenSea tweeted on Sunday that the investigations regarding Saturday’s phishing attack is still ongoing.