Hacker steals NFTs in OpenSea, an NFT marketplace. But what caused the phishing attack, and what happened to OpenSea after? Here’s what went down.
Hacker Steals NFTs
OpenSea was hacked last February 19, 2022. According to the company, a hacker made several users sign malicious payloads. Then, this allowed the hacker to get users’ NFTs.
The hacker found the opportune time to execute the phishing attack considering the platform was in the middle of migrating to a new platform– Wyvern. The migration started on Friday and will end the following Friday (February 25). Although this had happened, the company reassured its users that they could proceed with their activities.
Initial reports have said that over $200 million were stolen from users. However, the CEO debunked the rumor claiming the hacker stole $1.7 million worth of ETH.
Ongoing Investigation
The next day, the company opened an investigation into this matter. Devin Finzer, OpenSea CEO, announced on Twitter that they found that 17 users were affected by this hack. Originally, the reported number was 32, but the CEO and CTO confirmed that 17 users unknowingly authorized transfers.
It was unclear where the hack happened. However, the company was confident it happened outside of the NFT marketplace.
CTO Nadav Hollander gave more insight into this hacking incident. Hollander stressed that the hacking incident did happen before the migration. Plus, he informs users about a secure transaction signature, EIP-712. This will make any signing transactions safer than ever. In the end, he has stated in the tweet thread that they are helping users and providing assistance.
Back to Finzer, he has also reminded users to be careful with what they’re signing to avoid running into any problems like this from happening again. The company also tweeted that users should be wary of links outside the NFT marketplace.
OpenSea Bored Ape Lawsuit
Two days after the hacker steals the NFTs saga, Opensea faces another issue. Decrypt reports that a man from Texas has filed a lawsuit against the platform. The man allegedly knew about the platform’s security flaws that would lead to hacking and eventually buy NFTs for a lower price. Once the hacker obtained the Bored Ape NFT, it seems they sold it at 99ETH (~$270,000).
Timothy McKimmy filed this complaint. He says that the Bored Ape NFT is one of the rarest in the market. At the time it was stolen, it was currently unlisted. In addition, he was one of the people affected by a listing-related exploit back in January. He wants the NFT returned and $1 million for damages.
Other NFT Hacks
The OpenSea hack isn’t the only time an NFT platform faced a hack. Nifty Gateway also experienced a similar hack back in 2021. Digital artwork was stolen from the platform, and thousands of dollars were lost there. They announced in a tweet that those affected did not have two-factor authentication activated.
Securing Your NFTs
Although there were only a few instances of NFT platform hacking, it’s still important to secure your NFTs. How to do that, you may ask? Software wallets and a cold storage hardware wallet are two ways to give your NFTs security and safety. The other way to do so is through an InterPlanetary File System. Even if they may secure your NFTs, you also have to ensure that you don’t click on any random links and use complex passwords and authentications.
What is OpenSea?
OpenSea is touted as one of the first NFT marketplaces in the world. So far, over 600k users have sold, mined, and bought NFTs. There are over 80M NFTs and cryptoart available on the site to buy and sell.
