Yesterday the worlds largest NFT marketplace, OpenSea, was attacked by hackers, who used phishing software and stole several of the most sought after NFTs, including Bored Ape Yacht Club and Mutant Ape collections. 32 users has been affected, and so far the loss is totaling around $1.7 million.
Phishing is a commonly used among hackers to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
OpenSea Co-Founder and CEO, Devin Finzerhas already commented on the incident, confirming that 32 users have lost their NFTs, and that the attack did not originate on OpenSea.
While the attacker stopped >4 hours ago, our investigation is ongoing. We’ll keep you updated as we learn more about the exact nature of the phishing attack. If you have specific information that could be useful, please DM @opensea_support.
We’re actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures. Huge thanks to the users that hopped on the phone with us directly.
We have confidence that this was a phishing attack. We don’t know where the phishing occurred, but we’ve been able to rule out a number of things based on our conversations with the 32 affected users. Specifically:
