Trusted

OpenSea CEO Reassures Users After Phishing Attack

2 mins
Updated by Ryan Boltman
Join our Trading Community on Telegram

In Brief

  • Some users have lost $1.7M from NFT marketplace OpenSea.
  • This happened, according to OpenSea CEO, Devin Finzer, due to a phishing attack.
  • OpenSea is still investigating with users to trace the source of malicious signature requests.
  • promo

OpenSea CEO Devin Finzer is confident, after talking to people, teams, and projects in the NFT space, that users’ NFT losses did not originate on opensea.io but from third-party websites.

The largest Ethereum NFT marketplace experienced a phishing attack on Saturday evening. Some users claimed losses of Cool Cats and Doodle collections.

CEO Devin Finzer said in a tweet, “As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.” Some NFT owners were duped into transferring their NFTs into another wallet. Etherscan shows that a balance of 641 ETH now exists in the trickster’s Ethereum wallet.

Finzer refuted claims that this hack amounted to $200M in lost NFTs. He advised those who want to protect themselves from this attack can “un-approve” access to their NFTs on OpenSea.

Finzer advised users to ensure that they are on opensea.io when signing messages.

Not a good few months for OpenSea

OpenSea recently requested customers to migrate their NFTs to a new smart contract on Fri., Feb. 20, 2021. This migration was meant to mitigate the user interface bug on OpenSea’s website that allowed NFTs to be listed at a fraction of their current price and then sold at a profit by at least three perpetrators.

OpenSea’s recent user interface issue caused $1.8M in NFTs to be lost, which OpenSea reimbursed. Users who had transferred their NFTs to new wallets without canceling their old listings saw their NFTs sold for the price of the old listings. OpenSea claimed that the occurrence was “not an exploit or a bug” but rather an issue that arises because of the nature of the blockchain. On Friday, Feb. 25, 2021, all listings still on old smart contracts will expire. If the migration deadline is missed, one can still relist without incurring gas fees. Before that, users are guided via an instructional video on migrating their listings.

CEO reassures OpenSea users

Finzer said on Twitter that the following were not vectors for the attack: using the new migration tool, minting, buying, selling, or listing NFTs using opensea.io, interaction with an OpenSea email, and clicking on the site banner. Finzer said that OpenSea is working with users whose items were stolen to narrow down a set of common websites that they visited that could have been responsible for the malicious signatures. He reassured users, “We have confidence this is not a phishing attack.” OpenSea’s Twitter says, “We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of opensea.io.”

What do you think about this subject? Write to us and tell us!

🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C...
READ FULL BIO
Sponsored
Sponsored