OpenSea NFT heist: Attackers make off with millions of digital assets
Some users of Opensea, one of the most prominent and popular NFT marketplaces, were shocked to see some of their NFTs had been stolen over the weekend. As The Verge reported, the heist seems to have occurred on Saturday between 5 p.m. and 8 p.m. ET. During that time 254 tokens were stolen.
So how did the attackers carry out the heist? OpenSea has been adamant that the site was not hacked, with OpenSea CEO Devin Finzer saying on Twitter that the website, its listing systems, or any banners it hosted were not a vector for the attack. Right now the most popular theory is that the 254 tokens were stolen in a phishing attack, though that is not confirmed.
Interaction with an OpenSea email is not a vector for attack. In fact, we are not aware of any of the affected users receiving or clicking links in suspicious emails.
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
However, in a series of tweets, OpenSea has confirmed two things about the attack:
2) The attack does not appear to be active at this time. There has been no activity on the malicious contract in >15 hours.
— OpenSea (@opensea) February 21, 2022
So what was the value of the NFTs that got lifted in the heist? Original reports had their value pegged as high as $200 million, but in a tweet, Finzer says the value is only $1.7 million. That figure is based on the amount of the Ether cryptocurrency the attacker currently has in his digital wallet. Finzer says the amount was gained “from selling some of the stolen NFTs.”
Importantly, rumors that this was a $200 million hack are false. The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
We’ve reached out to OpenSea for comment and will update this post if we hear back.
(31)
