OpenSea NFT marketplace phishing exploit leads to theft from some user accounts

Published , by Asif Khan

Users of the OpenSea NFT marketplace have been victimized by an exploit of some sort. Some users are reporting NFTs being stolen, and many crypto commentators are unsure what exactly is going on. The company issued a statement on Twitter suggesting that phishing emails might be the cause.

OpenSea confirmed that the platform's smart contracts are the target of this attack, and it appears the attacker is using smart contract 0xa2c0946aD444DCCf990394C5cBe019a858A945bD to perpetrate this crime. According to Twitter user Jon_HQ, the smart contract is interacting with OpenSea's new exchange contract and then selling stolen NFTs to others to pull ethereum out. The thief's wallet currently holds over 640 ETH, amounting to $1.7 million. Jon_HQ strongly any users who interacted with the new OpenSea contract to revoke token approvals immediately.

Another prominent crypto Twitter user 0xfoobar believes the hacker is indeed taking advantage of a phishing attack launched several weeks ago, and is exploiting contracts right before all listings expire.

We now go to Dogecoin Cofounder Billy Markus for his take on the news:

Thanks, Billy!

This isn't the first time the crypto space has been victimized by theft and hacking, with Crypto.com getting hit just last month. Many investors are paying close attention to the NFT space, and tonight's problems at the world's largest NFT marketplace is cause for concern, but it is entirely possible that users clicked a bad link in a well-crafted phishing email. Either way, tonight's incident highlights the challenges cryptocurrency markets and NFT marketplaces face as new entrants like the NYSE and GameStop prepare to enter the fight.

The above tweet from CyphrETH appears to include a screenshot of the phishing email. It seems like some users may have accidentally signed a permission to the hackers. 

Developing...


This article is only meant for educational purposes, and should not be taken as investment advice. Please consider your own investment time horizon, risk tolerance, and consult with a financial advisor before acting on this information.