• After a phishing attack, OpenSea’s CEO reassures users

  • After speaking with people, teams, and projects in the NFT field, OpenSea CEO Devin Finzer is sure that users’ NFT losses did not begin on opensea.io, but rather on third-party websites.

    On Saturday evening, the largest Ethereum NFT marketplace was targeted by a phishing attempt. Some users reported losing their Cool Cats and Doodle collections.

    In a tweet, CEO Devin Finzer stated, “As far as we can tell, this is a phishing attack.” We don’t think it’s related to the OpenSea website. So far, it looks that 32 users have signed a malicious payload from an attacker, and some of their NFTs have been taken.” Some NFT holders were deceived into transferring their NFTs to a different wallet. Etherscan reveals that the trickster’s Ethereum wallet now has a balance of 641 ETH.

    Finzer denied reports that the attack resulted in a $200 million loss of NFTs. Those who want to defend themselves against this attack should “un-approve” access to their NFTs on OpenSea, he said.

    When signing mails, Finzer recommended users to make sure they are on opensea.io.

    OpenSea has had a difficult few months.

    Customers were recently asked by OpenSea to move their NFTs to a new smart contract by Friday, February 20, 2021. This migration was intended to alleviate the user interface flaw on OpenSea’s website, which allowed at least three offenders to advertise NFTs at a fraction of their current price and then sell them for a profit.

    OpenSea’s recent user interface glitch resulted in the loss of $1.8M in NFTs, which OpenSea repaid. Users who transferred their NFTs to new wallets without canceling their old listings had their NFTs sold at the original listing price. According to OpenSea, the incidence was “not an exploit or a flaw,” but rather an issue that arose due to the structure of the blockchain. All listings on old smart contracts will expire on Friday, February 25, 2021. If the migration date is missed, it is still possible to relist without paying gas fees. Prior to that, users are taken through the process of moving their listings via an instructional video.

    The CEO of OpenSea reassures users

    Finzer stated on Twitter that using the new migration tool, minting, purchasing, selling, or listing NFTs on opensea.io, interacting with an OpenSea email, and clicking on the site banner were not vectors for the assault. Finzer stated that OpenSea is collaborating with users whose belongings were taken to identify a list of popular websites that they visited that may have been responsible for the bad signatures. “We have confidence this is not a phishing attack,” he informed users. “We are actively examining rumors of an exploit associated with OpenSea related smart contracts,” says OpenSea on Twitter. This appears to be a phishing attempt launched from somewhere other than OpenSea’s website. “Do not click links that take you away from opensea.io.”

    What's your reaction?