OpenSea probe concludes millions of dollars worth of NFTs were stolen in phishing attack

UPDATE: (10:38 AM Sunday): Early Sunday morning, Finzer said that the firm concluded—based on internal and external conversations—that the incident was a phishing attack and did not originate from OpenSea's website. 

"We’re actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures," he said on Twitter. "Huge thanks to the users that hopped on the phone with us directly."


UPDATE: (11:01 PM): OpenSea co-founder Devin Finzer tweeted that the firm was still investigating the incident, adding that they believe it stemmed from a "phishing attack."

He added: "We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen."

Finzer suggested impacted users reach out to the firm via Twitter support


THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

The nascent market for non-fungible tokens was sent into a tizzy Saturday evening after millions of dollars worth of NFTs on OpenSea were swiped by a hacker.

At the time of writing, it is not clear if the assets were stolen via a breach stemming from a deficiency in OpenSea’s platform or a phishing attack—a commonplace way for thieves to access accounts through factitious emails. 

“We are actively investigating rumors of an exploit associated with OpenSea related smart contracts,” the firm said in a tweet. “This appears to be a phishing attack originating outside of OpenSea’s website.”

A spokeswoman for the firm directed The Block to this tweet when reached for further updates.

At this point The Block can confirm that the hacker has stollen more than $3 million in assets, which includes popular NFTs like Bored Apes, Azuki and CloneX.

The CEO of Nansen, Alex Svanevik, estimates that about 19 OpenSea users have been impacted.

OpenSea—which recently raised at a valuation topping $13 billion—is one of the largest platforms for NFT trading. It counts Andreessen Horowitz and actor Ashton Kutcher as backers. 

This post was updated from its original form to include new information. 

About Author

Frank Chaparro is Host of The Scoop podcast and Director of Special Projects. He also writes a biweekly newsletter. Chaparro started his career at Business Insider, where he specialized in the intersection of digital assets and Wall Street, market structure, and financial technology. Soon after joining Business Insider out of Fordham University, Chaparro was interviewing top finance and tech executives, including billionaire Mark Cuban, “Flash Boys” star Brad Katsuyama, Cboe Global Markets CEO Ed Tilly, and New York Stock Exchange President Tom Farley. In 2018, he become a sought after reporter in the crypto world, interviewing luminaries such as Tyler Winklevoss, the cofounder of Gemini, Jeremy Allaire, the CEO of Circle, and Fundstrat head Tom Lee. For inquiries or tips, email [email protected].