OpenSea, a flagship NFT platform, has revealed the exact number of users who had their tokens stolen by a recent attacker. Also, its CTO explains why any crypto holder should be super-vigilant when clicking "Allow" in Metamask.
17 users affected, attackers have ceased their activity
Per the statement shared on the official OpenSea Twitter account, the first results of the investigation have already shown that everyone involved was the victim of a phishing attack, not of a flaw in the platform's codebase.
1) We've narrowed down the list of impacted individuals to 17, rather than the previously mentioned 32. Our original count included anyone who had *interacted* with the attacker, rather than those who were victims of the phishing attack.
— OpenSea (@opensea) February 21, 2022
The list of victims was narrowed down to 17 accounts instead of 32. The "long list" included individuals who somehow interacted with the attacker contract but did not lose their tokens.
OpenSea noted that the attackers have shown no activity in the last 15 hours.
On Feb. 20, 2022, the scammers started sending phishing emails impersonating the OpenSea team. Check Point cybersecurity experts revealed that the attackers tricked victims into signing an atomicMatch_ request, the call responsible for NFT transfer logic on OpenSea.
The attacker then submitted that same request to a legitimate OpenSea account; because the order carried the NFT owner's own signature, executing it sent all of the victim's tokens to the attacker.
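The point above is that an off-chain signature is only as safe as what was signed. As an added illustration (not code from the article, OpenSea or any wallet), here is a defender-side check that inspects an EIP-712 signing request before the user clicks "Sign"; the Wyvern-style order field names, the allowlisted contract and the order values are assumptions and constructed placeholders.

```python
"""Pre-signing inspection of an EIP-712 typed-data request (added example).

Illustrative defender-side code, not OpenSea's or MetaMask's. It assumes the
wallet receives the order as EIP-712 typed data with Wyvern-style field names
(side, basePrice, taker, expirationTime); the contract addresses and order
values below are constructed placeholders.
"""

ZERO_ADDRESS = "0x" + "0" * 40
# Constructed allowlist: contracts this user expects to sign orders for.
KNOWN_CONTRACTS = {"0x1111111111111111111111111111111111111111"}

def inspect_typed_data(typed_data: dict, known: set = KNOWN_CONTRACTS) -> list:
    """Return human-readable red flags for a signing request; [] means none found."""
    flags = []
    contract = str(typed_data.get("domain", {}).get("verifyingContract", "")).lower()
    if contract not in {k.lower() for k in known}:
        flags.append(f"verifyingContract {contract or '<missing>'} is not on the allowlist")
    if typed_data.get("primaryType") != "Order":
        return flags  # the remaining checks only apply to order-shaped messages
    msg = typed_data.get("message", {})
    is_sell = int(msg.get("side", 0)) == 1          # Wyvern convention: 0 = buy, 1 = sell
    free = int(msg.get("basePrice", 0)) == 0
    open_taker = str(msg.get("taker", ZERO_ADDRESS)).lower() == ZERO_ADDRESS
    if is_sell and free and open_taker:
        flags.append("sell order with basePrice 0 and no fixed taker: whoever holds "
                     "this signature can take the asset for free")
    if int(msg.get("expirationTime", 0)) == 0:
        flags.append("expirationTime 0: the signed order never expires")
    return flags

def _order(contract, base_price, expiration):
    """Build a constructed typed-data request; the field set is an assumption."""
    return {
        "primaryType": "Order",
        "domain": {"name": "Exchange", "version": "1", "chainId": 1,
                   "verifyingContract": contract},
        "message": {"maker": "0x2222222222222222222222222222222222222222",
                    "taker": ZERO_ADDRESS, "side": 1,
                    "basePrice": str(base_price), "expirationTime": str(expiration)},
    }

# A normal fixed-price listing on the known contract raises no flags.
NORMAL_LISTING = _order("0x1111111111111111111111111111111111111111", 10**18, 1700000000)
# A phishing-style request: unknown contract, price 0, never expires.
PHISHING_STYLE = _order("0x9999999999999999999999999999999999999999", 0, 0)

if __name__ == "__main__":
    for name, req in (("normal", NORMAL_LISTING), ("phishing-style", PHISHING_STYLE)):
        print(name, inspect_typed_data(req) or ["no red flags"])
```

A check like this belongs in the wallet's signing prompt, where the user sees the decoded fields rather than an opaque hash.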
Check out the "Web3 technical education" thread from OpenSea's CTO
As of press time, victims' net losses are estimated at $1.7 million. During the attack, false claims of a "$200 million" scam circulated on Crypto Twitter.
Nadav Hollander, the founder of the Dharma DeFi protocol and CTO of OpenSea, stressed that this attack would change the way Web3 enthusiasts treat signing off-chain messages:
Education on not sharing seed phrases or submitting unknown transactions has become more widespread in our space. However, signing off-chain messages requires equal consideration.
He added that OpenSea is migrating to a safer contract type to reduce the possibility of such attacks and to keep all users "alerted" about unusual on-chain events.