OpenSea, known as the NFT marketplace, is investigating a “phishing attack” that has deprived more than 30 of its users access to some of their most valuable digital tokens. Great panic was reported late Saturday evening when someone stole hundreds of NFTs.
According to a spreadsheet compiled by blockchain security service PeckShield, in a few hours that afternoon, the attacker had targeted 32 accounts and obtained 254 assets. Among the stolen NFTs are tokens from the Bored Ape Yacht Club and Azuki collections. According to an estimate by Web3 architect Molly White, the total value of the stolen assets is 641 Ethereum. “We suspect this is a phishing attack,” Devin Finzer, co-founder and CEO of OpenSea
, said in a tweet published early Sunday morning, adding: “We don’t know where the phishing took place, but the affected Based on our conversations with 32 users, we were able to rule out a lot of possibilities.”
As noted by The Verge, the attack likely took advantage of an aspect of the Wyvern Protocol. Many Web3 platforms, including OpenSea, use the open source standard to support their contracts.
While there is still much we do not know about the attack, what is clear is that it could not come at a worse time for OpenSea. On Friday, the company launched a new smart contract, asking people to move their assets. It has also been the subject of controversy lately due to the prevalence of tokens that first started with an employee resigning from using insider information to profit from NFT downfalls and then later became fake, plagiarized or spammed on his platform.