Hackers Steal Nearly $2 Million of NFTs

  • By David Lukic
  • Feb 22, 2022

The popular NFT OpenSea marketplace has been hacked. The digital thieves behind the attack stole $1.7 million worth of digital art in the heist.   

How Did the Attack Occur?

The theft of the NFTs is the result of a phishing attack: meaning platform users were manipulated through digital means. The phishing attack targeted 17 OpenSea users. These victims took the bait and unknowingly surrendered their valuable NFTs to the hacking collective.

The digital miscreants responsible for the hack used an email that appeared to be from OpenSea administrators to fool the platform’s users into thinking an upgrade was available. However, the message was completely phony. The targeted users who clicked the message were redirected to a website that looked similar to the OpenSea platform yet was illegitimate. The victims then followed the prompt to sign away their rights to their NFTs in what appeared to be a legitimate financial transaction. The end result of the phishing attack was the theft of the users’ NFTs.

The digital signature added to the proposed transaction opened the door for the hacking collective to use atomicMatch forwarded to OpenSea contracts. The NFTs were then transferred from the targets to the hackers.

What is OpenSea’s Response to the Attack?

OpenSea public representatives have stated they have been in the midst of a smart target migration. 
The migration began in mid-February, spanning a week’s time. The migration is a component of the company’s ongoing effort to tie up loose ends with dated NFT listings that are no longer active on the Ethereum blockchain. Unfortunately, this cleanup effort presented hackers with an opportunity to impersonate company representatives and manipulate targets into forking over their valuable NFTs without financial compensation in return.

An OpenSea spokesperson has stated the company is in the middle of investigating the source of the digital attack. The company has highlighted the fact that the targeted users of the platform signed the transactions in question prior to the point at which the company performed its smart target migration, as described above. In other words, it appears as though OpenSea is blaming the somewhat naive users of its platform for the attack.  

OpenSea made a statement that indicated it appears as though the attack is no longer active. The company’s representatives have noted there has not been any malicious activity on the platform in the previous 15 hours.

Are There Any Other Attacks NFT Owners Should be Aware of?

Indeed, there is another common NFT scam on the rise. Cyber thieves are taking advantage of the soaring popularity of these digital artworks to fool targets into willingly downloading a remote access trojan form of malware referred to as BitRAT. BitRAT is advanced to the point that it can pluck credentials directly out of browsers, stealing highly sensitive information, and even mine targets’ cryptocurrency.

How Can NFT Owners Avoid Similar Attacks in the Future?

For one, it will help to implement the latest internet privacy and security protections. Furthermore, users of OpenSea and others who own, buy, sell, and trade NFTs on other marketplaces should be hyper-aware of phishing scams. Signing a digital transaction provides another party with permission to access the NFTs in question as well as cryptocurrencies. It is a mistake to sign any such digital contract unless it is thoroughly reviewed. Furthermore, the legitimacy of the contract should be verified by the platform where the NFTs are sold, purchased, and traded. 

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Caesars Entertainment Gets Hacked, Exposing Countless Gamblers

Caesars Entertainment Gets Hacked, Exposing Countless Gamblers

Caesars Entertainment is one of the largest casino companies in the United States and is well-known for its loyalty program. The company serves countless customers in Las Vegas and elsewhere throughout the world.

Travel Technology Company Sabre Suffers a Vast Data Breach

Travel Technology Company Sabre Suffers a Vast Data Breach

Sabre is a huge technology company that serves as a powerful travel reservation system for many of the major hotels and airlines in the United States.

Weekly Cybersecurity Recap September 15

Weekly Cybersecurity Recap September 15

This week, data breaches were particularly bad, with attacks impacting travel technology giant Sabre, production giant Johnson and Johnson, and medical company Amerita.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address