OpenSea, one of the biggest NFT marketplaces in the world, has reportedly fallen into a trap for an ongoing phishing attack. The attack came about after the marketplace announced a week-long planned upgrade to delist most of the inactive NFTs that are on its platform.
Just the previous day saw the marketplace announcing a smart contract upgrade, which would require users to migrate their listed NFTs from the blockchain of Ethereum to a completely new Smart contract. As a direct result of this upgrade, most of the users that wouldn’t move over from Ethereum would risk out on their old, inactive listings.
OpenSea Falls Victim To Phishing Attack
Interestingly, the short deadline and the apparent urgency did manage to open up a slightly tiny window of opportunity for the multitude of hackers. Within hours after the upgrade announcement from OpenSea, reports from various sources emerged- regarding an ongoing attack that would target the soon-to-be delisted NFTs.
Ongoing investigations have revealed that the attackers mainly used phishing emails to steal the delisted NFTs before they started getting migrated to the new smart contract of OpenSea. Once a user went about authorizing the NFT migration from the fraudulent email, the attackers would gain access to that NFT. Users have now been advised to be careful about any and all communications coming from the marketplace along with revoking all permissions about the migration to the new smart contract of the marketplace.
The attacks were confirmed by Devin Finzer, the CEO and co-founder of OpenSea, who stated that 32 users have already lost their NFTs. While the marketplace is yet to decipher the currently ongoing attack, Peckshield- a blockchain investigator- has suspected a possible leak of user information that has been fueling the ongoing attack.
