Mintable pledges to return NFTs stolen in OpenSea exploit

Published at: Feb. 23, 2022

Major nonfungible token (NFT) marketplace OpenSea announced a service upgrade on Saturday, which requested that users migrate their listed assets from the Ethereum (ETH) blockchain to a newly created smart contract.

However, in the hours that followed, 32 users of the platform became victims of a targeted email phishing attack which resulted in an anonymous entity stealing $1.7 million worth of ETH.

OpenSea CEO Devin Finzer published a tweet thread explaining that the breach was orchestrated via fake emails that posed as OpenSea and convinced users to sign a digital message with their wallet, thereby unknowingly granting the hacker a transferable license to the asset.

CTO Nadav Hollander also published an account on Twitter stating that “none of the malicious orders were executed against the new (Wyvern 2.3) contract, indicating that they were signed before the migration and are unlikely to be related to OpenSea’s migration flow.”

Following on from this, Hollander called for greater security education in the Web3 space, specifically around the signing of off-chain messages.

Here's a technical deep dive on recent events, from our CTO: https://t.co/2x2CBBCNtY

— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022

Three of the lost NFTs belonged to the popular NFT collection Azuki. The project, which had 10,000 avatars, is centered around cultivating an inclusive metaverse community made up of Web3 artists and advocates.

The project drew inspiration from the azuki bean, also called the adzuki bean, an East Asian culinary staple as well as a sign of good omen in Japanese culture. References to taking the red bean and the upcoming BEAN token establish this intention. Azuki currently has a floor price of 11.79 ETH, equivalent to $32,155.

In a philanthropic turn of events, NFT marketplace Mintable purchased three of the Azukis on LooksRare, a rapidly emerging OpenSea competitor, for 0.2 ETH below the floor price, and now intends to reunite them with their original owners.

Mintable founder and CEO, Zach Burks, openly criticized OpenSea’s lack of response to the exploit, stating: “Sadly it looks like even though they have over a billion in cash on hand, they can't afford a 1.7m refund to their users.”

Burks revealed that Mintable is working alongside the Azuki team, and the product manager Demna, to find a proper solution for the holders, with the NFTs expected to be returned to their rightful owners within the coming days.

This weekend when buying azukis for our fire sale (selling below floor for free profit to users) we discovered some of the stolen @AzukiZen from the opensea hackb... We decided to buy them and give them back to who they were stolen from. Here's what happened 1/ https://t.co/cNhIvCMhso

— Zach Burks (@ZachSpaded) February 23, 2022