The NFT platform is looking into rumors that a hacker is stealing high-value NFTs from the platform’s users.
OpenSea Users Face Another Attack
High-value NFTs are reportedly under attack from hackers on the OpenSea marketplace. NFT holders across the board are in turmoil as reports have emerged that hackers are actively stealing NFTs and flipping them to gain a profit on OpenSea, which is the world’s largest NFT platform. This attack on the OpenSea happened soon after it was revealed that due to a bug in the code, malicious actors could steal NFTs using old listed prices without the owner’s knowledge.
Even though OpenSea has not yet cracked the hack, the marketplace has warned its users by uploading a statement on its website and on Twitter.
“We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of opensea.io.”
BAYC NFTs Stolen
Since all transactions on the blockchain are visible to all, it can be seen that the attacker had transferred multiple NFTs from different users to their own addresses without paying for them. Some of these NFTs belong to the popular Bored Ape Yacht Club and the Mutant Ape Yacht Club. The hacker also stole an NFT from the Azuki collection and later sold it for 13.4 ETH, approximately $36,000. The attacker still has around 600 more ETH left in his wallet, which amounts to a massive $2 million. The attacker is also showing some odd behavior, as in one instance, it returned multiple NFTs that it stole from one user. However, the stolen NFTs also included a BAYC NFT, which the marketplace has frozen on the grounds of suspicious activity.
Phishing Page Tricks Users
The latest smart contract on OpenSea seeks to address the issue with inactive listings, which was allowing scammers to steal NFTs from collectors by paying the minor amount of their previously listed prices. Because of this glitch, many NFT holders on the platform had lost valuable NFTs at a fraction of its current cost without their knowledge. The marketplace is now asking users to upgrade to the new smart contract to address this glitch. However, it looks like users of this platform are still not out of the danger zone, as now a new threat has popped up. A malicious agent is phishing users with a fake page designed to look like the one that has been created for the smart contract upgrade. Users who are unaware of the difference between the two are blindly following the fake page and losing their information as well as valuable NFTs.
According to Ethereum core developer Hudson Jameson, this is not an OpenSea hack but a phishing issue. He tweeted,
“Feel bad that a lot of folks are calling this the OpenSea “hack” when it seems like under 50 people fell for a phishing email. It’s terrible that this happened, but OS already has enough things they aren’t doing correctly & calling this a hack adds to the stress of their team.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.