- Around 10:50 p.m. ET, OpenSea CEO Devin Finzer followed up in a tweet that “32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.” He added that the company is “not aware of any recent phishing emails that have been sent to users,” and suggested a fraudulent website may be to blame.
- PeckShield, a blockchain security company that audits smart contracts, stated that the rumored exploit was “most likely phishing” – a malicious contract hidden in a disguised link. The company cited that same mass email about the migration process as one of the possible sources of the link.
- The apparent attacker’s address (which the blockchain explorer website Etherscan has already slapped with a “phish/hack” warning badge) holds about $1.7 million worth of ether (ETH), as well as three tokens from the Bored Ape Yacht Club, two Cool Cats, one Doodle and one Azuki.
Update (Feb. 20, 04:42 UTC): Adds public statement from OpenSea CEO.
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.