If you’ve ever wanted to trade NFTs, whether you’re trying to buy them or sell them, OpenSea is probably one of the biggest and most popular platforms for that. Unfortunately, it appears that the platform has been targeted by a phishing attack that has since resulted in $1.7 million worth of NFTs being stolen.
Now, it should be made clear that OpenSea itself wasn’t hacked, but rather its users were targeted in a phishing attack. This attack was sent to the platform’s users in the form of an email designed to look like an OpenSea Community Update.
In the email, it asked users to migrate their Ethereum listings to a new smart contract, and since OpenSea had announced their own smart contracts the day before, this email didn’t look entirely out of place.
According to the reports, 32 OpenSea users were affected by the email and signed the contract which contained a malicious payload that essentially signed over their NFTs to the attacker. 32 users doesn’t seem like a lot, but given how much NFTs are valued these days, it was said to be worth $1.7 million.
The good news is that some of the NFTs that were stolen have since been returned, while some have been sold by the attacker. The company is now investigating the incident to determine how the attack took place.