OpenSea Scammers Went Phishing and Caught Over 250 NFTs From 17 Users

Scammers made off with 254 NFTs, including a few Bored Ape Yacht Club NFTs, according to data from blockchain security firm PeckShield

article-image

Blockworks Exclusive art by axel rangel

share

key takeaways

  • “This attack did not originate on [OpenSea],” the company’s CEO and co-founder said
  • Last week, OpenSea launched a customer service server to mitigate risk of fraudsters pretending to be members of the company’s staff

NFT traders Monday were parsing the aftermath of an OpenSea phishing attack that resulted in hundreds of NFTs being stolen over the weekend.

The attack appears to be over, with 17 victims, a revision from the 32 people originally thought to be affected, according to OpenSea.

“This attack did not originate on [OpenSea],” Devin Finzer, CEO and co-founder, wrote in a series of tweets. The company is working with users as it aims to uncover who is responsible, Finzer said.

Finzer dismissed reports of the attack being worth over $200 million and said the hacker had $1.7 million of ether in their wallet, confirmed by Etherscan records.

An OpenSea spokesperson declined to comment further and referred Blockworks to the company’s tweets.

OpenSea is the largest NFT (non-fungible token) marketplace by trading volume and has over 80 million NFTs across two million collections. The platform had $70.78 million in Ethereum-based volume on Monday, down 58% from $169.26 million a month ago, according to data by Dune Analytics user rchen8.

The hacker made off with 254 NFTs during the attack, including a few Bored Ape Yacht Club NFTs, according to a spreadsheet by blockchain security firm PeckShield. The most NFTs stolen during the phishing attack were 37 Azukis, according to data by Dune Analytics user Jelilat.

The users authorized the “migration” as instructed in the phishing email, and the authorization allowed the hacker to steal the NFTs, PeckShield tweeted.

As such, the malicious orders were all backed by valid signatures from users who fell for the phishing scam, Nadav Hollander, OpenSea’s chief technology officer tweeted Sunday.

The attacker had users connect their crypto wallets to a fraudulent site, according to reports, where they signed approvals with Wyvern Exchange to give the attacker control of their NFTs. 

Wyvern Exchange is a decentralized crypto exchange on the Wyvern Protocol that interacts with the Ethereum blockchain.

“The attacker appears to have exploited users by having them sign a fraudulent signature to approve a private sale of [their] NFT at 0 ETH to the attacker’s wallet,” The OpenDAO wrote in a post. “Unfortunately nobody ever reads what they signed.”

Phishing scams often occur through text messages or emails with deceptive messages, ads or sites that look legitimate. While scams happen across industries, some community members call it a mistake for OpenSea to use email in general.

The co-founder of Pixel Vault, who goes by the pseudonym Beanie, called email “an archaic way to communicate” that “opens up even sophisticated users to risk of being exploited through phishing scams.

“The OpenSea email alert system never really worked anyhow, as it was overrun with spam,” Beanie tweeted.

While messaging platforms such as Discord or Blockscan Chat allow users to log in with Ethereum addresses to message wallet-to-wallet, there are limited new avenues for companies to communicate with their users.

Last week, OpenSea launched a customer service server with Web3 communications platform Metalink to mitigate the risk of fraudsters pretending to be members of the company’s staff, Blockworks reported.

“Our goal is to create a direct channel for you to interact with OpenSea to get support, offer feedback, receive updates, and to share any other information that will help us better serve you,” Stevey Tromberg, OpenSea’s head of community, said in a statement

The partnership was created after alleged scammers previously impersonated OpenSea’s employees to deceive other NFT owners in its Discord chat, which resulted in them losing millions of dollars.

“NFT communities deserve a safe and secure place where they can connect and thrive,” Jake Udell, the founder of Metalink, said.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research

article-image

Turns out that owning the end-user via a crypto wallet is quite a prosperous business

article-image

The announcement followed growing speculation that Gensler would announce his exit before Trump takes office next year

article-image

HashKey Capital’s Jupiter Zheng highlighted three success areas he’s watching: Ethereum, Solana and certain tokens in DeFi

article-image

Jack explored the various AI and memecoin projects that have sprung up over the past month

article-image

If gold remains steady today, a single move from bitcoin to $98,500 would do it

article-image

Revenue estimates for the third quarter come in at $33 billion, which would be an 83% increase from the prior year