Hacker steals over $1.7 million worth of NFTs from OpenSea users

midian182

Posts: 9,662   +121
Staff member
What just happened? OpenSea, a service recently valued at over $13 billion, has seen at least 32 of its users affected by what was apparently a phishing attack, resulting in millions of dollars worth of NFTs being stolen.

The Verge reports that 254 tokens purchased from OpenSea were stolen from the wallets of users between 5 PM and 8 PM ET on Saturday. Some of the more expensive NFTs came from Decentraland, Bored Ape Yacht Club, and Mutant Ape Yacht Club—here’s a complete list of pilfered digital assets.

Devin Finzer, the co-founder and CEO of OpenSea, has reassured users that the site is fine. He added that “as far as we can tell,” the victims had fallen for a “phishing attack.” He linked to an explanation on how the hack was enabled by exploiting the Wyvern Protocol used for most NFT smart contracts. Targets signed part of the contract, while attackers completed the rest, transferring ownership of the NFTs. Exactly how the hackers achieved this is unclear.

But there are those who disagree with the phishing attack claim. Kotaku notes that some victims say the only common link between them was that they all manually migrated their NFT collections to a new smart contract on the platform, which was performed because it “fixes an issue with inactive listings that was allowing scammers to swipe valuable NFTs from collectors on OpenSea.”

Again, though, others dispute this claim. “I checked every transaction,” said Neso, the user who explained how the Wyvern order was exploited. “They all have valid signatures from the people who lost NFTs so anyone claiming they didn’t get phished but lost NFTs is sadly wrong.” OpenSea has also denied that the new contracts were the origin of the hack.

Exactly how much the stolen NFTs were worth is being disputed, too. Finzer said the attacker has $1.7 million in his wallet from selling some of the stolen tokens, but another report claims the perpetrator made $2.9 million. It also appears that some of the NFTs along with some of the money they were sold for were returned to the owners.

It’s not been an easy time for OpenSea recently. It limited the number of NFTs people could create using its free minting tool to 50 last month, explaining that over 80% of the tokens created using this feature were counterfeit, used plagiarized content, or were spam. But the service reversed its decision and lifted the limit following an outcry from users.

Permalink to story.

 
I recently saw a video on NFTs by Folding ideas. It's a long one but he does a great job at explaining why it's never an actual hack and always just a social engineering scheme: system itself is secure but it's really easy to target gullible, insecure people that are not experienced enough with technology to be holding such valuable "goods" and *that* is why it works so good: Average NFT Ape tech bro is actually pointing himself out as a good target for social engineering because well, he bought and NFT ape for hundreds of thousands in some cases: By buying the bored ape is like they already answered the Nigerian Prince email: they point themselves out as exactly the type of person who could be tricked into giving them access.
 
With
I recently saw a video on NFTs by Folding ideas. It's a long one but he does a great job at explaining why it's never an actual hack and always just a social engineering scheme: system itself is secure but it's really easy to target gullible, insecure people that are not experienced enough with technology to be holding such valuable "goods" and *that* is why it works so good: Average NFT Ape tech bro is actually pointing himself out as a good target for social engineering because well, he bought and NFT ape for hundreds of thousands in some cases: By buying the bored ape is like they already answered the Nigerian Prince email: they point themselves out as exactly the type of person who could be tricked into giving them access.


That video was definitely worth watching - especially by anyone who could be drawn into this nonsense.
 
I wonder how they arrived at the 1.7 million figure. They probably took 17 cents, and added a few zeros, "for insurance purposes".
 
I wonder how they arrived at the 1.7 million figure. They probably took 17 cents, and added a few zeros, "for insurance purposes".

Since the value of nft's and crypto is all made up anyway, guess you could just pick any random amount and claim it was "worth" that.
 
Since the value of nft's and crypto is all made up anyway, guess you could just pick any random amount and claim it was "worth" that.
As long as you can get your insurance company to buy into it, shoot for the moon. (Figuratively speaking, of course).

Someone here said something to the effect of, "Crypto and NFTs are a capitalist's wet dream. Now you can rake in people's money without offering anything in the way of tangible goods in return"...
 
Last edited:
I sometimes think their is an infinite supply of suckers . I mean betting companies can offer dead certs in advertising - get a free $100 to gamble - put in on Germany vs Faroe Islands - cash out $100.20 to your bank . Didn't some Casinos have specials in Black Jack where the payouts 101% - yet they still win - oh I feel real lucky - I'm going to get a 2 or an Ace
 
Back