Key Takeaways
- Largest NFT marketplace OpenSea suffered a phishing attack on Sunday.
- Claims of exploits to the tune of $200 million have been doing the rounds.
- OpenSea CEO Devin Finzer denied taking responsibility for the attack.
- However, he confirmed that thirty-two users lost NFTs worth at $1.7 million.
YEREVAN (CoinChapter.com) – OpenSea, the largest NFT marketplace, has suffered a phishing attack. According to people familiar with the incident, about thirty-two users have fallen prey to the incident, resulting in $1.7 million in stolen NFT sales.
Twitter users and notorious Bitcoin (BTC) bear Mr. Whale brought the incident to light on Sunday.
“BREAKING: Massive Opensea “exploit” in their new migration contract allowed users to sell, steal any NFT from any users. Over $200M lost already,”
Mr. Whale alleged.
Hours later, OpenSea took issues with his tweet, denying the allegations. Calling Mr. Whale’s claims a mere rumor, the largest NFT marketplace assured investigation was underway. According to the company’s official Twitter handle, the incident was not a hack or an exploit but a phishing attack.
“We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of http://opensea.io,”
OpenSea wrote.
Recommended: OpenSea reimburses $1.8 million to victims of NFT listing bug
OpenSea CEO denies responsibility
OpenSea’s co-founder and CEO Devin Finzer denied responsibility for the breach. Claiming that the exploit had nothing to do with the website or a coding lapse, he confirmed it as a phishing attack and not a hack. However, he did confirm that thirty-two users had lost some of their NFTs.
“As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen,”
he claimed in a Twitter thread.
In addition, Finzer rubbished Mr. Whale’s claims about losses to the tune of $200 million. As per the CEO, the attacker has managed to amass $1.7 million worth of Ethereum (ETH) in his wallet from selling some of the stolen NFTs.
CTO of OpenSea Nadav Hollander also confirmed Finzer’s explanation in a series of tweets of his own.
However, Twitter user Jacob King has come out to confirm Mr. Whale’s allegations. In a tweet that contains a snapshot of the OpenSea code, King has alleged the platform is lying to its users. According to him, a flaw in the code of OpenSea enabled attackers to steal the NFTs.
“#OpenSea is now lying and claiming the exploit was actually just phishing emails people were receiving. This is 100% not true, but rather a flaw in their code which led to one of the largest #NFT exploits in history,”
he hinted.
The platform claims its team is currently in touch with those that suffered in the incident. Finzer also claimed the attacker had allegedly returned some of the stolen NFTs.
However, only a full postmortem report will show the exact impact the incident has had.
