OpenSea just announced a smart-contract upgrade. Users will need to migrate their NFTs from Ethereum to a new smart deal. Users who don’t migrate from Ethereum to the new smart contract could lose their inactive listings. There are currently no gas fees.
OpenSea, a major non-fungible token (NFT), marketplace, reportedly fell victim to an ongoing Phishing attack just hours after it announced a planned upgrade to delist inactive NFTs.
Hackers had a narrow window of opportunity because hackers were able to exploit the urgency and deadline. Multiple reports emerged within hours of OpenSea’s upgrade announcement about an ongoing attack on NFTs that was soon to be delisted.
OPENSEA EXPLOITED Tag @opensea for them to pause the new contract while they figure out what’s up with the exploit! #NFT #NFTs #NFTTheft #NFTScam #NFTSecurity #NFTAlert
— gt_dog (@gt_dog84), February 20, 2022
Further investigation revealed that the attackers used phishing email to steal NFTs. The attackers can gain access to NFTs once a user has authorized the NFT migration via the fraudulent email.
Although it is not confirmed, the hack at @opensea appears to be phishing. Users authorize the “migration” as instructed in the phishing email and the authorization unfortunately allows the hacker to steal the valuable NFTs… pic.twitter.com/Fj5d9ImC2r
— PeckShield Inc., (@peckshield), February 20, 2022
OpenSea is now advising users to be cautious about all communications and to cancel all permissions regarding the migration to the smart contract.
Rumours of an exploit involving OpenSea-related smart contracts are being investigated. This seems to be a phishing attempt that originated outside of OpenSea. Do not click links outside of https://t.co/3qvMZjxmDB.
— OpenSea (@opensea), February 20, 2022
Devin Finzer, OpenSea CEO and co-founder, acknowledged the phishing attack. He also confirmed that 32 users had lost NFTs. Peckshield, a blockchain investigator, suspects that there may be a leak of user information (including email addresses) that fuels the ongoing NFT attack.
Finzer, however, has requested that affected users contact the company.
You can de-approve your NFT collection access if you are concerned or want to be protected.
Related: UK tax authority makes first NFT seizure in VAT fraud case
Three NFTs were seized by Her Majesty’s Revenue and Customs (HMRC), which is the main tax authority in the United Kingdom. They were associated with suspected tax evasion fraud.
Cointelegraph reported that the suspects created 250 fake shell companies and used false identities to evade 1.4million British Pounds (roughly $1.8million) in value-added tax.
Eileen Wilson –Technology and Energy
My Name is Eileen Wilson with more than 5 years of experience in the Stock market industry, I am energetic about Technology news, started my career as an author then, later climbing my way up towards success into senior positions. I can consider myself as the backbone behind the success and growth of topmagazinewire.com with a dream to expand the reach out of the industry on a global scale. I am also a contributor and an editor of the Technology and Energy category. I experienced a critical analysis of companies and extracted the most noteworthy information for our vibrant investor network.