Last month, hackers exploited a bug on NFT marketplace OpenSea and got away with rare NFTs at below market prices. This month, the flavour of the cyberattack is phishing. Over the weekend,one cybercriminal got away with hundreds of NFTs, valuing up to the millions in total.
Specifically, according to the blog called Web3 is Going Great, 32 users lost a total of 254 tokens, cumulatively valued at 641 Ethereum (~RM7.3 million). The tokens themselves are of the Bored Ape Yacht Club and Azuki variety.
Our leadership, engineering, and security teams are communicating with affected users to gather details. We continue to believe that this is a phishing attack that originated outside of https://t.co/3qvMZjxmDB. ↯
— OpenSea (@opensea) February 20, 2022
On Twitter, OpenSea says that its own investigations reveal that this is “an isolated incident impacting a small number of people”. It also points out that the phishing attack is not email-based.
1) Sharing a technical run-down of the phishing attacks targeting @OpenSea users, including some web3 technical education.
— Nadav Hollander (@NadavAHollander) February 20, 2022
Company CTO Nadav Hollander goes on to explain in further detail that the phishing attack were not “executed against the new (Wyvern 2.3) contract”, and that the attack is “unlikely to be related to OpenSea’s migration flow”. For context, the NFT marketplace was in the process of updating its contract system.
It’s certainly a tough couple of months for the NFT scene. Not only has there been two cybersecurity incidents in two months, there’s also plenty of plagiarism and scams to deal with..