Hackers Steal Nearly $2 Million of NFTs
Table of Contents
- By David Lukic
- Published: Feb 22, 2022
- Last Updated: Mar 18, 2022
The popular NFT OpenSea marketplace has been hacked. The digital thieves behind the attack stole $1.7 million worth of digital art in the heist.
How Did the Attack Occur?
The theft of the NFTs is the result of a phishing attack: meaning platform users were manipulated through digital means. The phishing attack targeted 17 OpenSea users. These victims took the bait and unknowingly surrendered their valuable NFTs to the hacking collective.
The digital miscreants responsible for the hack used an email that appeared to be from OpenSea administrators to fool the platform’s users into thinking an upgrade was available. However, the message was completely phony. The targeted users who clicked the message were redirected to a website that looked similar to the OpenSea platform yet was illegitimate. The victims then followed the prompt to sign away their rights to their NFTs in what appeared to be a legitimate financial transaction. The end result of the phishing attack was the theft of the users’ NFTs.
The digital signature added to the proposed transaction opened the door for the hacking collective to use atomicMatch forwarded to OpenSea contracts. The NFTs were then transferred from the targets to the hackers.
What is OpenSea’s Response to the Attack?
OpenSea public representatives have stated they have been in the midst of a smart target migration.
The migration began in mid-February, spanning a week’s time. The migration is a component of the company’s ongoing effort to tie up loose ends with dated NFT listings that are no longer active on the Ethereum blockchain. Unfortunately, this cleanup effort presented hackers with an opportunity to impersonate company representatives and manipulate targets into forking over their valuable NFTs without financial compensation in return.
An OpenSea spokesperson has stated the company is in the middle of investigating the source of the digital attack. The company has highlighted the fact that the targeted users of the platform signed the transactions in question prior to the point at which the company performed its smart target migration, as described above. In other words, it appears as though OpenSea is blaming the somewhat naive users of its platform for the attack.
OpenSea made a statement that indicated it appears as though the attack is no longer active. The company’s representatives have noted there has not been any malicious activity on the platform in the previous 15 hours.
Are There Any Other Attacks NFT Owners Should be Aware of?
Indeed, there is another common NFT scam on the rise. Cyber thieves are taking advantage of the soaring popularity of these digital artworks to fool targets into willingly downloading a remote access trojan form of malware referred to as BitRAT. BitRAT is advanced to the point that it can pluck credentials directly out of browsers, stealing highly sensitive information, and even mine targets’ cryptocurrency.
How Can NFT Owners Avoid Similar Attacks in the Future?
For one, it will help to implement the latest internet privacy and security protections. Furthermore, users of OpenSea and others who own, buy, sell, and trade NFTs on other marketplaces should be hyper-aware of phishing scams. Signing a digital transaction provides another party with permission to access the NFTs in question as well as cryptocurrencies. It is a mistake to sign any such digital contract unless it is thoroughly reviewed. Furthermore, the legitimacy of the contract should be verified by the platform where the NFTs are sold, purchased, and traded.
