Security News > 2022 > February > Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace

Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a phishing attack against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million.

The opportunistic social engineering scam swindled the users by using the same email from OpenSea notifying users about the upgrade, with the copycat email redirecting the victims to a lookalike webpage, prompting them to sign a seemingly legitimate transaction, only to steal all the NFTs in one go.

"From there, the atomicMatch would be forwarded to the OpenSea contract," leading to the transfer of the NFTs from the victim to the attacker.

The company said it's still investigating the exact source of the attack, noting that the malicious orders had been signed by the victims before OpenSea carried out its migration.

"The attack does not appear to be active at this time. There has been no activity on the malicious contract in >15 hours," OpenSea said in an update.

"Signing a transaction is similar to giving someone permission to access all your NFT's and cryptocurrencies," Check Point said.

News URL

https://thehackernews.com/2022/02/hackers-steal-17-million-worth-of-nfts.html