OpenSea, a leading NFT marketplace, has revealed the actual number of users whose tokens were recently stolen by an attacker. Its CTO also shares why investors should be extremely careful when clicking “allow” on MetaMask.
17 NFT investors affected, attackers shut down
According to a statement posted on the official OpenSea Twitter account, preliminary findings of an investigation revealed that everyone involved was the victim of a phishing attempt, not of a flaw in the platform’s code.
Instead of 32 victims, the list has been reduced to 17 accounts. Individuals who interacted with the attacker but did not lose their tokens had been included in the list. According to OpenSea, the attackers did not show any activity in the last 15 hours. On February 20, 2022, they started sending phishing emails impersonating the OpenSea team. According to Check Point cybersecurity experts, the attackers led victims to authorize an Atomic Match request, which is responsible for the NFT transfer logic in OpenSea.
The attacker then repeated the same request to a legitimate OpenSea account, resulting in the attacker capturing all of the victim’s tokens through a precise and determined interaction signed by the NFT owner.
OpenSea CTO published a detailed white paper
At the time of publication, victims’ net losses were estimated at $1.7 million. During the attack, allegations of a “$200 million” scam were made in the crypto Twitter community. According to Nadav Hollander, founder of the Dharma DeFi protocol and CTO of OpenSea, this attack will affect the way Web3 enthusiasts approach off-chain message signing:
Our industry is becoming more aware of the need to not distribute seed phrases or send unknown transactions. On the other hand, signing off-chain communications requires equal attention.
Nadav Hollander adds that OpenSea has moved to a more secure contract form to reduce the risk of such attacks and to keep all users “alert” to chain events.
In short, an advanced phishing attack was launched against the OpenSea platform, and security companies are working hard on the issue. These are the details of the phishing attacks on the platform, as reported by Kriptokoin.com.