The whole NFT community was shaken in the last week of February 2022 as a perceived phishing attack occurred in one of the world’s largest NFT marketplaces. People were in panic mode as over 254 tokens stolen were recorded in a spreadsheet by blockchain security, Peckshield, in a news release by The Verge.
Today, we take a deeper look into OpenSea and how it will impact the NFT space in general. If you’re new to the world of NFTs, you’re in the right place! Continue reading below to find out all the latest blockchain news and to be in the know in all things crypto.
How Did the OpenSea Hack Happen?
Early on Saturday, February 19, 2022, 254 tokens were reportedly stolen within three hours which alerted the NFT community. It was estimated that almost USD200 million worth of NFTs were compromised and stolen, which was later cleared by Devin Finzer, CEO and Co-founder of OpenSea.
The company investigated the attack even further and assured that it no longer appeared to be active. “We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen,” Finzer adds in his Tweet.
In some sources, the attack seemed to exploit a portion of the Wyvern Protocol, which happens to be an open-source standard that supports most NFT smart contracts, one of them being OpenSea. Finzer describes the attack as orchestrated in two parts: prospective victims signed a partial contract with general authorization and large portions were left blank. As soon as it is signed, hackers would then complete the contract with their own contract transferring ownership of the NFT sans payment.
What happens is that hacking victims sign a blank check that later is filled in by the hacker to seize their holdings.
OpenSea’s Official Word and of the Phishing Attack to the NFT space
In a series of tweets by OpenSea’s CEO, Devin Finzer, it was said that the company conducted a thorough investigation into the incident. Finzer states, “As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”
Finzer later mentioned that the hackers scammed users by employing a phishing attack through malicious emails sent to its unknowing victims. They later had access to passwords and sensitive personal details used to get into their accounts.
While great strides are made to ensure the safety of users’ digital assets in the metaverse, hackers and scammers are becoming wiser in figuring out ways to circumvent security protocols online. This leaves users in a vulnerable position with their digital currencies and investments stored online.
That said, companies working in the NFT space must collaborate together with their users and other cybersecurity organizations in ensuring everyone’s digital safety. Users must also be vigilant, especially when transacting online—this includes safekeeping their personal and financial data to avoid scamming and data phishing.
As always, don’t forget to subscribe to gmBlockchain and get all the latest news and updates fresh from the crypto world!