OpenSea planned upgrade stalls as phishing attack targets NFT migration

Published at: Feb. 20, 2022

Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from the Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users who don't migrate over from Ethereum risk losing their old, inactive listings, which currently require no gas fees for migration.

Major nonfungible token (NFT) marketplace OpenSea has reportedly fallen victim to an ongoing phishing attack within hours of announcing a week-long planned upgrade to delist inactive NFTs on the platform.

However, the urgency and short deadline opened up a small window of opportunity for hackers. Within hours of OpenSea’s upgrade announcement, reports emerged from multiple sources about an ongoing attack that targets the soon-to-be-delisted NFTs.

OPENSEA EXPLOITED Everyone tag @opensea to get them to pause their new contract while everyone figures out what's going on with the exploit! #NFT #NFTs #NFTTheft #NFTScam #NFTSecurity #NFTAlert

— gt_dog (@gt_dog84) February 20, 2022

Further investigations revealed that attackers used phishing emails to steal the NFTs before they are migrated over to OpenSea’s new smart contract. Once a user authorizes the NFT migration from the fraudulent email, the attackers gain access to the NFTs.

Though unconfirmed, the @opensea hack is most likely phishing. Users authorize the "migration" as instructed in the phishing email and the authorization unfortunately allows the hacker to steal the valuable NFTs... pic.twitter.com/Fj5d9ImC2r

— PeckShield Inc. (@peckshield) February 20, 2022

Users are now advised to be wary of all communications from OpenSea, in addition to revoking all permissions related to the migration to the new smart contract.

We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of https://t.co/3qvMZjxmDB.

— OpenSea (@opensea) February 20, 2022

OpenSea co-founder and CEO Devin Finzer acknowledged the phishing attack while confirming that 32 users have lost NFTs so far. While the NFT marketplace is yet to decipher the ongoing attack, blockchain investigator PeckShield suspects a possible leak of user information (including email IDs) that is fueling the ongoing phishing attack.

However, Finzer has asked affected users to reach out to the company as he concluded:

“If you are concerned and want to protect yourself, you can un-approve access to your NFT collection.”

Related: UK tax authority makes first NFT seizure in VAT fraud case

Her Majesty’s Revenue and Customs (HMRC), the chief tax authority in the United Kingdom, seized three NFTs associated with a suspected tax evasion fraud.

As Cointelegraph reported, the suspects used fake identities and created 250 fake “shell” companies to evade 1.4 million British pounds (roughly $1.8 million) in value-added taxes.
