On Saturday, a phishing assault targeted 17 users of OpenSea, one of the major NFT markets, according to the business. The hack resulted in the theft of over 250 NFTs valued at least $1.7 million.
A nonfungible token, or NFT, is a way of proving ownership of a digital asset. NFTs related to digital art have been increasingly popular in recent months, thanks to the involvement of high-profile personalities.
The attacker, or attackers, stole NFTs from OpenSea users over a 3-hour window on Saturday by compromising the underlying programming that allows NFTs to be purchased and traded.
OpenSea tweeted late Sunday that the attack didn’t appear active, with the most recent action 15 hours previous. Nadav Hollander, the CTO of OpenSea, also provided a technical breakdown of the phishing assault.
Phishing attacks are frequently carried out through emails that contain harmful links and fraudulently purport to be from a firm. It’s still unknown how OpenSea customers were lured into the phishing operation, but according to Hollander, “it appears the assault was launched from outside OpenSea.”
While the identity of the wallet’s owner can be hidden in digital wallets used to keep NFTs, the transactions of digital assets on a blockchain are generally public. As a result, anyone with technical knowledge can track the NFTs from wallet to wallet.
“The attacker has $1.7 million in ETH in his wallet from the sale of part of the stolen NFTs,” stated OpenSea CEO Devin Finzer on Twitter following the hack on Saturday. Additionally, some of the NFTs appear to have been returned to their original owners by the hacker.
OpenSea tweeted on Sunday that the investigation into Saturday’s phishing attack is still underway.