Another NFT hacking was detected by traders earlier on OpenSea.
The exploit was reported to have caused millions of dollars worth of NFTs from OpenSea. The rumored exploit was first thought of as widespread hacking in the OpenSea platform. However, OpenSea clarified that there is no vulnerability inside the OpenSea platform.
Instead, the rumored exploit is reported to be a phishing attack from a link that multiple users have clicked.
OpenSea Attack
The attack was first reported on Twitter Saturday night (Feb. 19) when users reported suspicious activity associated with their Twitter accounts. In the beginning, it was speculated that the exploit was linked to a smart contract that OpenSea users had been migrating their NFTs to over the course of the previous few months. OpenSea, on the other hand, indicated that the attack was most likely a phishing attempt.
Non-fungible tokens are non-interchangeable units of data stored in the blockchain, a digital ledger that can be sold and traded.
An NFT holding can be a piece of digital art, celebrity autographs, games, photo, music, and much more.
OpenSea is a company, the leading platform, and marketplace for non-fungible tokens where people can buy and sell NFTs. OpenSea is the house of the world-renowned highest valued NFTs like Bored Ape Yacht Club and CryptoPunks.
As reported by CoinDesk, at the height of the incident, OpenSea tweeted, "we are actively investigating rumors of an exploit associated with OpenSea related smart contracts this appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of opensea.io."
Around 10:50 p.m. ET, OpenSea CEO Devin Finzer followed up in a tweet that "32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen."
The Cause of NFT Phishing in OpenSea
Based on the findings of PeckShield, a blockchain security company that audits smart contracts, the rumored exploit was "most likely phishing," which is when a malicious contract is hidden within a spoof link.
One of the possible sources of the link, according to the company, was the same mass email about the migration process that was sent out earlier.
In addition to approximately $1.7 million worth of ETH, the apparent attacker's address contains three tokens from the Bored Ape Yacht Club, two Cool Cats, one Doodle, and one Azuki.
On the other hand, Peckshield's on-chain data indicates that they stole over 250 pieces from high-value collections such as the Bored Ape Yacht Club, Doodles, Azuki, and NFT Worlds to the data.
What Happens to Stolen NFTs?
According to Cryptobriefing, based on the floor prices for the collections, Crypto Briefing estimated that the total haul was worth more than 1,000 Ethereum, or $3 million. The attacker targeted approximately 32 collectors on the most popular NFT marketplace, who then emptied their Ethereum wallets.
As of the moment, the attacker's wallet contains 641 Ethereum, which is worth approximately $1.7 million, as well as a selection of NFTs that have been stolen.
Some of the NFTs have been returned, and there hasn't been further malicious activity seen from the attacker's account, as stated by Devin Finzer, co-founder of OpenSea.
He also dispelled rumors of a $200 million hack, saying the attacker has $1.7 million of Ethereum in his wallet from selling some of the stolen NFTs.
Read Also: Crypto Rug Pulls: The Biggest NFT Scams Yet