17 Open Sea users lost their NFTs and suspect a long-term attack
Over the weekend, a hacker intercepted the regular activity of the marketplace and stole $2 million
The most popular platform for buying and selling non-fungible tokens (NFT) at the moment, has admitted to having been the victim of a malicious contract, which affected some of its users.
On the web, various assumptions of what happened were crossed, while the Open Sea community was alert to another possible attack. The data was updated a few hours ago.
Restless Internet users ask themselves the question and share it: Is Open Sea still safe? In addition to not forgetting the question “How does a hacker manage to steal USD$2 million after the platform made an update?”.
Loss of digital assets when changing the Open Sea Smart contract
Since the beginning of Saturday, some people who are part of the community of the Open Sea marketplace have been involved in an environment of impotence, because their digital assets had disappeared.
They all claimed not to have done anything out of the ordinary, other than logging into their accounts. They express that they did not notice any malicious situation.
The first thing you think about in a situation like this is that it must have been a mistake. A small bug caused by the smart contract change in Open Sea.
In other words, those responsible for that "momentary" loss fell on the largest platform of NFTs, and on its new V18F program.
Open Sea CEO reports that the disappearance of NFTs did not come from his platform
The previous idea was mitigated with the passing of the hours, until it disappeared completely when the CEO and co-founder of Open Sea, Devin Finzer reported that the loss of the tokens was a theft.
As indicated by Finzer, this was a cyber attack that came from outside the platform, thus assuring its users that Open Sea had had nothing to do with it.
The form of hack produced on this occasion was a "Phishing" attack , a type of digital theft through malicious links that manipulate the network to extract information from people on the web without their realizing it.
All this was reported by Finzer on his Twitter account during the early hours of Sunday, just at the moment when he had collected enough information about the events.
How did the hacker manage to get $2 million?
Certainly, the data affirms that the theft was spread through a type of “Phishing” attack. The anonymous entity sent a link to several emails belonging to Open Sea users.
Where it is recorded that 32 people interacted with this link sent to their accounts, by these numbers, at the beginning it was considered that the theft was worth approximately USD $200 million.
However, not all the people who clicked fell into the trap of writing down their data, deceived that it was a normal login to enter their account in the marketplace.
Of those 32 users , 17 people were scammed by the hacker, and he used their data and their signature to get high-value NFTs, for a completely zero cost.
The thief sold some NFTs obtained on the same platform
After the news of the "Phishing" theft was published, the hacker 's footsteps were followed throughout the cryptographic community, and although the person at this time remains anonymous, it is already known what he did with the NFTs.
He sold a large part of what was stolen and received a figure of USD $1.7 million, which fell and was registered in his Ethereum wallet last Sunday, February 20.
Devin Finzer was also in charge of publishing all this information, adding that the attacker's account after the sale was completely deactivated from his platform.
In addition, several NFTs were recovered and returned to their original owners. But, not all the victims have been paid yet.
The concern of whether Open Sea is still safe is still mentioned on the web
Similarly, users are concerned and modulate on the web about the coincidence that the attack came just when Open Sea performs its action of intelligent contact.
At the exact moment when there is more weakness in the network, the hacker appears and can somehow obtain the emails of several users and steal so much money in NFTs.
Rumors point to a possible exploit against the platform for the sale and purchase of non-fungible tokens. Those in charge claim to be continuously investigating, although it does not seem to generate more peace of mind.
This is because in an "exploit", the weaknesses of programs or hardware are taken to steal important information. This would explain where the hacker got the platform user emails from.
You could be led to assume that the marketplace platform could continue to be in danger of further attacks of this kind, with the potential to become even bigger.
Devin Finzer advises his users not to click on a link other than the original https://opensea.io, but denies that this attack was systematic.