One of the biggest digital marketplaces reported a phishing attack. OpenSea CEO Devin Finzer indicated that millions of dollars worth of NFTs were stolen.
Due to the massive popularity of nonfungible tokens (NFTs), many scammers, hackers commonly try to perform criminal and fraudulent attacks to steal the said digital assets and make quick money. Unfortunately, some of them succeeded this time.
OpenSea NFT Hack 2022
A Benzinga report shared the details of the attack. Notably, they took most of their information from a series of tweet updates made by involved personnel.
The issue started when a few OpenSea users reported suspicious activities on their accounts. OpenSea acknowledged the case on Saturday and tweeted that they are "actively investigating rumors of an exploit associated with OpenSea related smart contracts." They also warned users not to click on links outside the official website.
Benzinga later tweeted that NFTs were stolen from users manually migrating their NFTs. An urgent warning was issued thereafter.
Blockchain security company PeckShield further explained the issue. They said the victims all received an email that prompted them to "migrate (your) Ethereum listings to (the) new smart contract." Apparently, clicking on the "Get Started" button authorizes the hacker to steal valuable NFT.
PeckShield Alert tweeted that so many fell victim to this phishing strategy. The firm shared a Google Doc of all the NFTs stolen in the incident.
Devin Finzer eventually tweeted that the firm was "running an all hands on deck investigation." He confirmed that at least 32 OpenSea users "have signed a malicious payload from an attacker, and some of their NFTs were stolen."
Finzer clarified that although some users fell victim, the suspected attacker only has $1.7 million of ETH from selling the stolen NFTs. This statement debunked the rumor that total value of the stolen NFTs are at $200 million.
The issue seems to have settled for now. However, users and traders are still recommended to stay vigilant against cyber criminals.
How to Protect Your NFTs From Theft
Investing Cube provided a few suggestions to protect NFTs from cyberattacks. They suggested that traders should store their NFTs on a non-custodial (or hot storage) crypto wallet, which is protected by 12-24 word seed phrase.
Traders could also try using cold storage for protection instead. This offline external drive effectively stores digital assets remotely, making it hard for hackers to access.
Lastly, traders are advised to never trust suspicious offers. Be warned that this is a popular strategy among hackers to send malicious payloads to a victim. Users are advised to double-check the sender's address and only open emails or links from trusted sources.
Related Article: Should You Dispose Your Old Router? How to Delete Personal Data From the Device