After hours, when OpenSea announced an upgrade to delist inactive Non-Fungible Tokens (NFTs) on its platform, few users were the target explicitly. Users were actually targeted through a phishing attack masked as a legitimate email concerning the planned upgrade.
Also, as per the original OpenSea update, the platform advised its customers to move their Ethereum-based NFTs. Users move the NFTS to a new smart contract address. A move that will cost no cent per gas fee. Users who do not complete the migration as instructed stand the chance of losing their old and inactive tokens. Further, Drawing on this detail, PeckShield, blockchain security and data analytics company is saying that the platform’s “Users authorize the “migration”. Though, the authorization, unfortunately, allows the hacker to steal the valuable NFTs.”
Moreover, In a Twitter update shared by OpenSea’s Co-Founder and CEO, Devin Finzer, the attacker’s address has remained inactive for the time being. As per OpenSea, some of the stolen NFTs have are in the ownership of their owners.
However, they are not aware of any recent phishing emails that have been sent to users. However, at this time, we do not know which website was tricking users into maliciously signing messages.”
OpenSea is the world’s largest marketplace for trading NFTs. Also, the platform has been the target of many malicious workers in recent times.