Hackers have reportedly stolen hundreds of NFTs worth $1.7 million from OpenSea users, causing a great deal of panic among users late on Saturday night.
According to a spreadsheet created by the blockchain security service PeckShield, around 254 tokens were stolen from 32 users during the attack, including tokens from Bored Ape Yacht Club and Decentraland.
The phishing attack does not appear to be active anymore.
These attacks have again sparked controversy, highlighting the risks involved with the decentralized system.
OpenSea investigates recent phishing attack
At the moment, OpenSea is investigating the “phishing attack” that appears to have taken place on Saturday. It has also asked users to share any information that could help its investigation.
David Finzer, OpenSea’s Chief Executive, said that the company does not believe that these attacks were connected to the OpenSea website. Around 32 users have reportedly signed a payload from the hacker, and some of their NFTs were taken.
Finzer said that some of the stolen NFTs were returned by the hacker for reasons that are not known yet. As of now, it appears that the attack was carried out by a single person.
Over the past few years, the popularity of non-fungible tokens (NFTs) has steadily increased.
These attacks appear to have taken advantage of the flexibility in the Wyvern Protocol – the open-source standard which underlies almost all NFT smart contracts, including the ones made on OpenSea.
At the moment, a lot of details regarding the attack are unclear, especially the route taken by the attacker to sign the half-empty contract.
OpenSea capitalizes on recent NFT boom
After OpenSea’s valuation touched $13 billion in the latest funding round, it has become one of the most valuable firms in the NFT space.
It offers a very simple interface on which users can list, browse, and bid on tokens without interacting with the blockchain directly. However, many say that this success has come with its fair share of security issues.
The company has had a tough time dealing with attacks that leveraged poisoned tokens or old contracts to take away a user’s valuable holdings. At the time of the attack, the platform was in the process of updating its contract system. OpenSea has denied that the phishing attacks originated from the new contracts.