English
German
Portuguese
Spanish
Romanian
Web3, the famously decentralised internet technology that has centralised much of the NFT marketplace into a single shopfront (Opensea), woke over the weekend to find that some of its user’s wallets had reportedly been compromised, and loads of precious NFTs stolen.
The alarm was sounded yesterday, when some users began noticing that some NFTs—including some Bored Ape Yacht Club and Mutant Ape Yacht Club jpgs—were missing from their wallets. Aside from the fact it appears to have been the work of a single person (or at least a single account) that’s all we know for sure at time of posting. How all that stuff went missing, and just how much the heist is “worth”, are two of the particulars still up in the air.
Opensea co-founder and CEO Devin Finzer says the site is fine, and that “as far as we can tell” those affected were the victims of a “phishing attack”
As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
We’re actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures. Huge thanks to the users that hopped on the phone with us directly.
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
Other users, though, aren’t so sure. Some victims say they never opened any emails, and that the only thing they all had in common was that they had manually migrated their collections to a new smart contract on the platform (a move that was itself implemented because it “fixes an issue with inactive listings that was allowing scammers to swipe valuable NFTs from collectors on OpenSea”):
HEY EVERYONE. I CONNECTED WITH A FEW OTHER PEOPLE WHO GOT HACKED JUST NOW.
— AlabasterJefferson (@AJFromDiscord) February 19, 2022
ALL OF US ONLY HAVE ONE THING IN COMMON.
ALL OF OUR STOLEN NFT'S WERE ONES WE MANUALLY MIGRATED ON OPENSEA. @opensea you have so much explaining to do now.
Also unknown is the exact dollar value of what was stolen. While of course it’s impossible to put a definitive pricetag on stolen NFTs, since everybody outside the cult would say they’re valued at “nothing”, estimates on the “worth” of the heist among these dorks range from the ludicrous ($200 million) to much more modest sums (Finzer himself says “The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs”). A third possibility is that the attacker actually made off without around $2.9 million, which they were able to do by selling the stolen NFTs on...Opensea.
Read the full article on Kotaku
