Devin Finzer, Co-founder and CEO of Opensea denied rumors that non-fungible tokens marketplace hack and cybertheft of $200 million. Also, he claimed that the source code of OpenSea was not compromised and considered it a ‘Phishing attack’.
In Brief:
- He said 17 users suffered a phishing attack and lost $1.7 million worth of NFTs in total.
- The perpetrator tricked users to signed transactions.
In this attack, 17 users lost their NFTs and the attacker “has $1.7 million of ETH (Ethereum) in his wallet from selling some of the stolen NFTs.
The phishing attack is a sort of online scam, in which perpetrators trick targets to sign transactions or direct them to fake websites.
In the investigation, he identified an attacker’s wallet with $1.7 million worth of ETH, which was used in a phishing scheme. However, Finzer refuted that the attack is not linked to Opensea’s website.
Although, He accepted that the over 30 users lost their NFTs after signing “a malicious payload from an attacker”
Despite all this assurance from Opensea officials, Some Twitter users are considering these statements false. Some experts on Twitter claimed that a “flaw in their code led to one of the largest NFTs exploits in history,” while denying it as a phishing attack.
Some users have also debated that in the few hours after Opensea got compromised, “over $200M [was] lost already.”
Among all these allegations, Finzer gave a reference to an investigation that had shown that the perpetrator returned some of the stolen NFTs.
He stated “The attack doesn’t appear to be active at this point — we haven’t seen any malicious activity from the attacker’s account in 2 hours. Some of the NFTs have been returned.”
While denying rumors, he explained that the Opensea determined that “the attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.”
However, the team couldn’t determine the website at the time of writing that had been “tricking users into maliciously signing messages.”
Among all this report, security analyst firm Peckshield made an update on the incident. According to their tweet, the attacker used Tornado Cash to drain 1100 ETH.
The stolen NFTs list contains exclusive NFTs from top collections such as Doodles, CloneX and others. The attacker might sell these NFTs at far lower prices than floor prices on other marketplaces.
In a short time, Opensea suffered numerous attacks that allowed perpetrators to steal millions worth of NFTs. Recently, Opensea bug exploitation enabled hackers to transfer $1 million worth of NFT to his wallet.
