OpenSea, a leading marketplace for NFTs, is investigating the “rumors of an exploit” involving smart contracts connected to its platform following an outbreak of panicked tweets from traders who lost valuable tokens.
According to PeckShield, a blockchain security firm that audits smart contracts, the exploit is likely a phishing attack in which a malicious contract is hidden within a disguised link. One of the possible sources of the link was an email about the migration process sent to all employees.
The attacker’s address (slapped with a phish/hack warning badge by blockchain explorer Etherscan) holds ether worth $1.7 million, in addition to two Cool Cats, one Azuki, and three tokens from the Bored Ape Yacht Club.
An exploit involving smart contracts related to OpenSea is under investigation, according to a post on Twitter made by OpenSea Saturday night.
We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of https://t.co/3qvMZjxmDB.
— OpenSea (@opensea) February 20, 2022
“Apparently, an external website is behind the phishing attack. Links outside of opensea.io shouldn’t be clicked,” OpenSea said.
In a later tweet, OpenSea CEO Devin Finzer reported that “32 users’ NFTs have been hacked after signing a malicious payload.”
He added that the company was unaware of any recent phishing emails sent to users, and suggested that a fraudulent website could be responsible.
On Friday, OpenSea will release a brand-new smart contract to revamp its trading platform code (basically, the code that governs it). Old, inactive listings on the platform were eventually to be removed with the upgraded contract.
A trader posted an email he thought was from OpenSea regarding contract B migration.
https://twitter.com/ScottBussing/status/1495229984918540289
How to protect your NFTs
- Your first step is to choose a crypto wallet in which to store your NFTs. Software wallets (hot) and hardware wallets (cold) are the two types.
- Most NFT marketplaces require a software wallet to create an account on the platform. Software wallets make transactions on dApps, NFT markets included, more convenient, but they are connected to the internet, which exposes your private keys to some degree of risk. Even so, they are still much safer than using a credit card to buy NFTs.
- Hardware wallets, on the other hand, are the most secure, as they keep your private keys separate from the internet. That separation makes it difficult to purchase or sell NFTs directly on marketplaces.