The largest online NFT marketplace OpenSea was hacked last Saturday. The site has been hit by a phishing attack. Hackers have stolen and exchanged Non-Fungible Tokens (NFTs), according to the newspaper The Verge. Cybercriminals are said to have stolen more than 1 million euros in this way.
Last Saturday, hackers broke into OpenSea. It would be a phishing attack. Several OpenSea users received an email that appeared to be from the NFT marketplace asking them to move their NFTs to a new smart contract. Instead of going to the OpenSea website, users were redirected to a fake site.
In the phishing attack, log in details of people with NFTs were stolen. The victims would also have signed a contract with authorization. This gave hackers an opportunity to steal and redeem NFTs. Hackers later modified this contract to change ownership of the NFTs without requiring payment.
NFTs are cryptographic, unique tokens. Each NFT is associated with a unique digital item or item that is non-replaceable (non-fungible). This indicates ownership. When someone buys an NFT, it is stored in a blockchain via a ‘smart contract’. The blockchain is generally a secure option to store important documents. However, it turns out not to be watertight.
OpenSea CEO Devin Finzer has confirmed the phishing attack on the platform. He says that so far 17 users have lost their NFTs. Originally, this number was estimated at 32, but this count included anyone who “interacted” with the attacker rather than individuals who were victims of the phishing attack.
The phishing attack came to light when OpenSea noticed that a few users’ NFTs had changed hands for free. OpenSea was updating its contracts system when the attack occurred. According to OpenSea, the attack had nothing to do with a vulnerability in the new contracts. Otherwise, the number of victims would have been much greater.
Preventing NFT Abuse
OpenSea warns users about phishing emails, which attempt to trap users. The NFT platform requires users to store a new smart contract. This is a type of owner’s license that exists within the blockchain and can help prevent the misuse of NFTs.
OpenSea announced via Twitter that the attacker no longer seems active in recent hours. The NFT marketplace team is continuing to investigate the specifics of the attack and will continue to provide updates on the situation.
Catch up on more articles here
Follow us on Twitter here