The NFT exploit was most likely a phishing attack, says OpenSea's CEO

"We don't believe it's tied to the OpenSea website," says CEO Devin Finzer of the attack.


OpenSea is "currently examining rumors of an exploit" that occurred on the popular Ethereum NFT marketplace on Saturday, according to the company. Digital assets, including NFTs from the Cool Cats and Doodle collections, were reported stolen by users.


According to co-founder and CEO Devin Finzer, however, the attack didn't target OpenSea at all, but rather the people who use the marketplace to trade and manage their digital assets.



"This appears to be a phishing attack, as far as we can tell," he tweeted about halfway through the probe. "We don't think it has anything to do with the OpenSea website."


"It appears that 32 users have signed a malicious payload from an attacker so far, with part of their NFTs taken."


In other words, consumers may have been duped into shifting their NFTs into someone else's wallet by official-looking emails. That address, dubbed Fake Phishing5169 by blockchain explorer Etherscan, now has a balance of 641 ETH worth almost $1.7 million.


If Finzer's theory is right, the attackers chose an ideal time to conduct the phishing attack. OpenSea launched a new smart contract on Friday, requesting that users move their holdings.


Ironically, the new smart contract was created to prevent a different form of exploit, in which holders sold their assets at bargain-basement rates without their knowledge.


Finzer advised users to use the official opensea.io website whenever possible and to be wary of suspicious emails.