Hackers easily stole millions of dollars from NFT platform OpenSea

Non-fungible token (NFT) trading platforms have become one of the main targets for threat actors seeking quick profits at the expense of enthusiasts of this digital art samples. According to a report, the OpenSea platform suffered a phishing attack that led to the theft of millions of dollars in NFT, an incident that has taken sellers and website administrators alike by surprise.

Devin Finzer, ceo of the company, confirmed the incident through his Twitter account, also mentioning that the attack affected 17 users and that many of the stolen assets have already been identified and returned to their rightful owners. Apparently, the threat actors had obtained around $2 million USD in cryptocurrency thanks to the improper sale of these tokens.

Finzer mentions that the attack has already been contained and all phishing attempts by the attackers have been detected. As you may recall, phishing tactics seek the theft of sensitive information through fraudulent emails, including bank details and cryptocurrency addresses. It is believed that the hackers sent emails pretending to be OpenSea employees, so the affected users did not hesitate to follow the instructions in the message to move their assets to illegitimate addresses.

OpenSea added that the cryptocurrency wallet associated with the attackers has already been fully identified and is marked as an account linked to fraudulent activities, so from this moment users who try to transfer crypto funds to this address will find a security alert. The company’s CEO concluded by mentioning that the attackers appear to have disrupted its activities since the investigation began.

This is a new sample of how effective a well-planned phishing attack can be, so virtual asset enthusiasts should remain alert to any potential hacking attempts. Cybersecurity specialists always recommend verifying the legitimacy of any message received, in addition to remembering that NFT platforms do not request access codes or the delivery of personal data through email. The sale of assets outside of exchange platforms should also be taken as an alert of possible fraud.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.