OpenSea NFT Exploit Was Likely a 'Phishing Attack'
"We don’t believe it’s connected to the OpenSea website." says Devin Finzer, OpenSea CEO.
OpenSea is currently investigating rumors of an exploit that occurred on the popular Ethereum NFT marketplace on Saturday. Digital assets, including NFTs from the Cool Cats and Doodle collections, were reported stolen by users.
According to co-founder and CEO Devin Finzer, the attack didn't target OpenSea at all, but rather the people who use the marketplace to trade and manage their digital assets.
NFT collectors may have been tricked by receiving official-looking emails making them transfer their NFTs into someone else's wallet. That address, dubbed Fake Phishing5169 by blockchain explorer EtherScan, now has a balance of 641 ETH worth almost $1.7 million.
If Finzer's theory is right, the attacker(s) chose an ideal time to conduct the phishing attack. OpenSea launched a new smart contract on Friday, requesting that users move their holdings. Ironically, the new smart contract was created to prevent a different form of exploit, in which holders sold their assets at bargain-basement rates without their knowledge.
Finzer advised OpenSea users and NFT collectords to use the official opensea.io website whenever possible and to be wary of suspicious emails.