Security News > 2022 > February > OpenSea users lose $2 million worth of NFTs in phishing attack
The non-fungible token marketplace OpenSea is investigating a phishing attack that left 17 of its users without more than 250 NFTs worth around $2 million.
Phishing actors are always looking for ways to take advantage of changes that require users to take action and the OpenSea NFT theft is no different.
Researchers at Check Point say in a report today that the phishing actors knew about OpenSea upgrading its smart contract system to purge old and inactive listings on the platform and prepared for the migration with emails and websites of their own.
OpenSea informed its users that they had to update their listings between February 18 - 25 if they wanted to continue using the platform.
The phishing actors took advantage of this process and used their own email addresses to send out the message from OpenSea to validated users, tricking them into thinking their original confirmation didn't go through.
OpenSea was quick to point that the attack doesn't exploit any vulnerabilities on the platform or its trading systems, but instead relies solely on deceiving users through phishing.
News URL
Related news
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Low-tech phishing attacks are gaining ground (source)
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks (source)
- Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation (source)
- CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users (source)