OpenSea Investigating ‘Exploit Rumors’ as Users Complain of Missing NFTs

Emails purporting to be from the NFT marketplace about a planned smart contract migration may have been a phishing attack.

Feb 20, 2022 at 3:32 a.m. UTC
Updated Feb 22, 2022 at 3:14 p.m. UTC

Will Gottsegen is CoinDesk's media and culture reporter. He holds ETH and two NFTs above CoinDesk's disclosure threshold of $1000.

In the wake of a series of viral tweets from panicked non-fungible token (NFT) traders, leading marketplace OpenSea says it’s investigating “rumors of an exploit” regarding smart contracts connected to its platform – a vulnerability that may have cost traders valuable tokens.

  • “We are actively investigating rumors of an exploit associated with OpenSea related smart contracts,” OpenSea posted to Twitter on Saturday night, U.S. hours. “This appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of opensea.io.”
  • Around 10:50 p.m. ET, OpenSea CEO Devin Finzer followed up in a tweet that “32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.” He added that the company is “not aware of any recent phishing emails that have been sent to users,” and suggested a fraudulent website may be to blame.
  • OpenSea had planned to revise its smart contract (the code governing its trading platform, essentially) by releasing a brand-new contract on Friday. The upgraded contract was intended to ensure old, inactive listings on the platform would eventually expire.
  • On Twitter, traders shared what they’d initially thought were official OpenSea emails about the migration process from contract A to contract B.
  • PeckShield, a blockchain security company that audits smart contracts, stated that the rumored exploit was “most likely phishing” – a malicious contract hidden in a disguised link. The company cited that same mass email about the migration process as one of the possible sources of the link.
  • The apparent attacker’s address (which the blockchain explorer website Etherscan has already slapped with a “phish/hack” warning badge) holds about $1.7 million worth of ether (ETH), as well as three tokens from the Bored Ape Yacht Club, two Cool Cats, one Doodle and one Azuki.

Update (Feb. 20, 04:42 UTC): Adds public statement from OpenSea CEO.

