Home NFT News OpenSea investigations on NFT phishing attack

OpenSea investigations on NFT phishing attack


Non-fungible tokens are mainly digital tokens that act like authenticity certificates and in other cases, they tend to represent assets ownership ranging from collectables like autographs from celebrities to expensive ape illustrations and even physical goods like a bottle of whiskey. Over the past years, these tokens have rapidly increased gaining popularity. When a user owns these assets, the organization records the data in a digital ledger also known as a blockchain, which is similar to networks that have underpinned cryptocurrencies like bitcoin and others. However, unlike most currencies where you are allowed to exchange the currencies, it is impossible to exchange one NFT for another because each one of these tokens is unique and can’t be duplicated making their design very rare.

Recently, The OpenSea NFT marketplace was investigating a phishing attack that currently appears to not be active as stated by the chief executive of the company. Devin Finzer, the CEO, reached out to Twitter and stated that the organization doesn’t believe that the attack wasn’t in any way the connected to the OpenSea website. He continued saying that approximately 32 users were involved in signing a mischievous payload from the attacker resulting in the missing of some NFTs.

1. CEO Dismisses $200 Million Hack Rumor.

The CEO and co-founder of OpenSea, Devin Finzer, reached out denying internet rumours which claimed that the codebase from NFTs market place experienced a breach and that those who were responsible for the attack managed to steal 200 million dollars. According to Devin, an investigation was done and it appeared that the person involved in the attack had possession of Etherium worth 1.7 million dollars in his wallet by initiating a leverage phishing attack.

2. Attacker returns the stolen NFTs.

As stated earlier by the chief executive officer of opensea about the rumours of a breach in the NFT marketplace, he denied them characterizing the incident as a phishing attack. He strongly insists that the alleged hacking wasn’t involved with OpenSea’s website. However, Devin didn’t mention the exact value of what was stolen instead it was a user from Twitter named Whale, who suggested in a posted tweet some few hours after the incident saying that, “approximately $200 million got lost” while another user named King Jacob, disallowed Devin’s claim of a phishing attack. Jacob king states that there was a flaw in the codes that resulted in one of the biggest exploitations of NFTs in history. However, in a thread twitter post made on the 20th of February, Devin denies all these claims. He went on and said that the investigations did show that the hackers had returned some of the stolen NFTs, “As it appears at this point, the attack isn’t active since we haven’t experienced any mischievous activities in the last 2 hours from the hacker’s account and some of the NFTs have been returned.” He also insists that his team wasn’t aware of all the phishing emails that were sent to the users. Devin also said that at the time he tweeted the thread, his team was still trying to determine the source website that was tricking users into signing those messages.

3. The hacker had Etherium.

Backing up OpenSea’s investigations and findings, the CEO pointed out a technical and more complex context of what happened shared by another Twitter user named Neso. Devin end all threads by denying rumours that stated it was a hack, according to him and his team, they found out that the hacker had etherium worth $1.7m in his wallet which came from selling some of those non-fungible tokens.

Final thoughts.

In some other tweet, the CEO said that it was after his team contacted dozens of teams and people all over the NFT space and confidently knew it was a phishing attack. He also stated that OpenSea is fully active and working with the affected users with an aim of finding out a common website they all interacted with, which might be responsible.


Please enter your comment!
Please enter your name here