OpenSea Users Lose $2 Million Of NFTs In Phishing Scam

OpenSea is investigating a phishing attack in which 17 of its users lost more than 250 NFTs worth around $2 million.

Clarifying issues related to the attack, OpenSea stated that the attack did not exploit any vulnerabilities on its platform or trading systems. The attack relied mainly on deceiving users via phishing.

The NFT platform warned users to remain vigilant and not to click on any link that does not belong to the domain.

Researchers at CheckPoint said the attackers were aware of OpenSea’s decision to upgrade its smart contract system, which will purge old and inactive listings on the platform.

While OpenSea has scheduled February 18 to 25 for the update, the company also sent out emails with instructions on how to handle the process.

The attackers prepared for the migration with emails and websites of their own. The emails were then sent to OpenSea customers who unknowingly fell for the trick and click on the malicious link.

Clicking on the link gave attackers access to a number of forwarding requests with verified parameters. As a result, the NFT property was passed on to the attackers.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web