OpenSea CEO Devin Finzer Responds to the Recent Phishing Attack

Finzer stated that the attack "did not originate on opensea.io" and that he is assisting individuals who have been impacted.

NFT collectors have been reported to be losing NFTs and Ethereum from their wallets. Thus, OpenSea has officially confirmed that the incident was the result of a phishing assault, with over $1.7 million in assets sent to the malicious wallet, now known as Fake Phishing5169.

Although the fraudulent wallet began making transactions in December, reports of phishing activities only started yesterday. This wallet has also been in contact with another wallet that has been identified as part of an OpenSea phishing scheme.

Several NFTs from collections with high floor prices, such as Bored Ape Yacht Club NFTs, Cool Cats, Doodles, and Azuki NFTs, have been transferred in the last 24 hours. Rarible and LooksRare, two competitor NFT markets, had also transacted with the Fake Phishing5169 address.

“We have confidence that this was a phishing attack,” OpenSea CEO Devin Finzer said, few hours after the news went public. “We have confidence that this was a phishing attack. We don’t know where the phishing occurred.” However, the company believes the attack was not originated from the OpenSea domain, and neither the ‘no real’ OpenSea emails nor the OpenSea site banner were used in the attack.

“Minting, buying, selling, or listing items using opensea.io is not a vector for the attack. In particular, signing the new smart contract (the Wyvern 2.3 contract) is not a vector for the attack,” said Finzer, also clarifying that OpenSea’s listing migration tool was not involved in the attack.

OpenSea, according to Finzer, is continuing to study the matter despite intermittent pauses in the attacker's activity. He also stated that a thread posted on Twitter by user Neso is "consistent" with his/her version of the events. Those who lost assets, according to Neso, signed half of a legitimate wyvern order, which is a decentralized exchange system for asset transfers.

To avoid losing NFT and Ethereum tokens, it is advisable to use Etherscan's Token Approval tool to revoke access and consider shifting valuable assets to a hardware wallet.