News

As a result of a phishing attack targeting NFT migration, OpenSea’s scheduled upgrade has been put on hold

Yesterday, OpenSea issued a one-week deadline for a new smart contract upgrade. However, because of the urgency and short deadline, hackers had a brief window of opportunity.

Within hours of announcing a week-long planned upgrade to delist inactive NFTs on the platform, major NFT marketplace OpenSea has apparently fallen prey to an ongoing phishing attack.

OpenSea released a smart contract upgrade only yesterday, requiring users to migrate their listed NFTs from the Ethereum (ETH) blockchain to a new smart contract. Users that do not transfer from Ethereum risk losing their old, dormant listings, which currently do not require gas payments for migration. However, because of the urgency and short deadline, hackers had a brief window of opportunity. Within hours of OpenSea’s upgrade announcement, various sources began reporting on an ongoing attack against the soon-to-be-delisted NFTs.

Further analysis indicated that the NFTs were stolen through phishing emails before being moved to OpenSea’s new smart contract. The attackers acquire access to the NFTs after a user allows the migration via the bogus email.

Users should be skeptical of all emails from OpenSea and revoke all rights related to the migration to the new smart contract.

Devin Finzer, co-founder and CEO of OpenSea, confirmed that 32 users have lost NFTs as a result of the phishing attack. While the NFT marketplace has yet to decipher the ongoing phishing attack, blockchain investigator Peckshield suspects a possible loss of user data (including email ids) that is fueling the ongoing phishing attack.

However, Finzer has asked affected users to reach out to the company as he concluded:

“If you are concerned and want to protect yourself, you can un-approve access to your NFT collection.”

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *