Hackers Steal Nearly $2 Million of NFTs

  • By David Lukic
  • Published: Feb 22, 2022
  • Last Updated: Mar 18, 2022

The popular NFT OpenSea marketplace has been hacked. The digital thieves behind the attack stole $1.7 million worth of digital art in the heist.   

How Did the Attack Occur?

The theft of the NFTs is the result of a phishing attack: meaning platform users were manipulated through digital means. The phishing attack targeted 17 OpenSea users. These victims took the bait and unknowingly surrendered their valuable NFTs to the hacking collective.

The digital miscreants responsible for the hack used an email that appeared to be from OpenSea administrators to fool the platform’s users into thinking an upgrade was available. However, the message was completely phony. The targeted users who clicked the message were redirected to a website that looked similar to the OpenSea platform yet was illegitimate. The victims then followed the prompt to sign away their rights to their NFTs in what appeared to be a legitimate financial transaction. The end result of the phishing attack was the theft of the users’ NFTs.

The digital signature added to the proposed transaction opened the door for the hacking collective to use atomicMatch forwarded to OpenSea contracts. The NFTs were then transferred from the targets to the hackers.

What is OpenSea’s Response to the Attack?

OpenSea public representatives have stated they have been in the midst of a smart target migration. 
The migration began in mid-February, spanning a week’s time. The migration is a component of the company’s ongoing effort to tie up loose ends with dated NFT listings that are no longer active on the Ethereum blockchain. Unfortunately, this cleanup effort presented hackers with an opportunity to impersonate company representatives and manipulate targets into forking over their valuable NFTs without financial compensation in return.

An OpenSea spokesperson has stated the company is in the middle of investigating the source of the digital attack. The company has highlighted the fact that the targeted users of the platform signed the transactions in question prior to the point at which the company performed its smart target migration, as described above. In other words, it appears as though OpenSea is blaming the somewhat naive users of its platform for the attack.  

OpenSea made a statement that indicated it appears as though the attack is no longer active. The company’s representatives have noted there has not been any malicious activity on the platform in the previous 15 hours.

Are There Any Other Attacks NFT Owners Should be Aware of?

Indeed, there is another common NFT scam on the rise. Cyber thieves are taking advantage of the soaring popularity of these digital artworks to fool targets into willingly downloading a remote access trojan form of malware referred to as BitRAT. BitRAT is advanced to the point that it can pluck credentials directly out of browsers, stealing highly sensitive information, and even mine targets’ cryptocurrency.

How Can NFT Owners Avoid Similar Attacks in the Future?

For one, it will help to implement the latest internet privacy and security protections. Furthermore, users of OpenSea and others who own, buy, sell, and trade NFTs on other marketplaces should be hyper-aware of phishing scams. Signing a digital transaction provides another party with permission to access the NFTs in question as well as cryptocurrencies. It is a mistake to sign any such digital contract unless it is thoroughly reviewed. Furthermore, the legitimacy of the contract should be verified by the platform where the NFTs are sold, purchased, and traded. 

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What is Digital Citizenship? Etiquette & Examples

What is Digital Citizenship? Etiquette & Examples

When someone is born on US soil, they are a national citizen; with this distinction, they obtain a list of entitlements and benefits, as well as societal obligations and predetermined consequences for bad behavior.

What Does Incognito Mean, How Does It Work, and Is It Really Safe?

What Does Incognito Mean, How Does It Work, and Is It Really Safe?

How do you browse the Internet? Using a primary browser, you can turn on "incognito mode," which increases your privacy on singular devices but is also less concealing than other privacy tools like virtual private networks (VPNs).

AI Voice Cloning: The New Frontier for Cybercriminal Fraud and How to Protect Yourself

AI Voice Cloning: The New Frontier for Cybercriminal Fraud and How to Protect Yourself

Many members of the younger generations avoid answering phone calls. On the one hand, this avoidance may be personal, as voice calls can sometimes cause anxiety; however, there is more to these rejections than nervousness.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address