NFTs have been stolen from dozens of users so far, with the world's biggest marketplace launching an "all hands on deck" investigation.
There's confusion and chaos after OpenSea was hit by a suspected phishing attack — with non-fungible tokens stolen from dozens of users.
The world's biggest NFT marketplace has been in the process of upgrading its smart contract — a move that was designed to ensure that old, inactive listings expire, and prevent collectibles from inadvertently being sold at prices below the market rate.
OpenSea had clearly signposted the contract upgrade in a blog post at the start of the month, but this may have prompted opportunistic fraudsters to deceive victims by sending out bogus emails that pretend to be from the platform.
The blockchain intelligence firm Peckshield shared a screenshot of a suspect email that accurately explains the change that's being made — accompanied by a "Get Started" button.
But clicking this link and authorizing the migration ultimately gives hackers the ability to steal valuable NFTs.
Late on Saturday night, the marketplace tweeted:
"We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of http://opensea.io."
'I Know You're All Worried'
"I know you’re all worried. We're running an all hands on deck investigation … We are not aware of any recent phishing emails that have been sent to users, but at this time we do not know which website was tricking users into maliciously signing messages."
Crypto Twitter was rife with criticism for OpenSea, not least because these phishing attempts appeared to be a carbon copy of a genuine email that had been sent a few days earlier. Others pointed out that the incident underscored how important it is to always check what you are signing.
Earlier, there had been conflicting reports that an exploit had been found in the new OpenSea contract — allowing attackers to drain wallets. The latest statement from the platform suggests otherwise.
Amid the panic and confusion, some Twitter users — such as @AltcoinPsycho — attempted to lighten the mood with a joke:
"I'd panic about the whole OpenSea situation but all my NFTs are basically worthless."