{"id":8173,"date":"2022-02-21T00:14:49","date_gmt":"2022-02-21T00:14:49","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/nft\/an-attacker-just-stole-millions-in-nfts-from-users-on-opensea\/"},"modified":"2022-02-21T00:21:16","modified_gmt":"2022-02-21T00:21:16","slug":"an-attacker-just-stole-millions-in-nfts-from-users-on-opensea","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/nft\/an-attacker-just-stole-millions-in-nfts-from-users-on-opensea\/","title":{"rendered":"An Attacker Just Stole Millions in NFTs From Users on OpenSea"},"content":{"rendered":"
Today, Feb. 19, 2022, OpenSea users started to notice some strange activity on the company\u2019s platform. It appeared that an attacker was using a smart contract to interact with OpenSea\u2019s new exchange contract and steal millions of dollars\u2019 worth of NFTs. nft now quickly verified the transactions. At the time of publication, the attacker had already stolen several of the world\u2019s most popular \u2014 and expensive \u2014 NFTs from a number of different users.<\/p>\n If you\u2019re concerned and want to protect yourself, you can un-approve access to your NFT collection here.<\/p>\n Ultimately, the stolen NFTs included four Azukis, two Coolmans, two Doodles, two KaijuKings, one Mutant Ape Yacht Club (MAYC), one Cool Cat, and one Bored Ape Yacht Club (BAYC). The attacker then quickly sold the stolen NFTs to other users to turn a profit. So far, the attacker has sold more than $1.7 million in stolen NFTs.<\/p>\n Editor\u2019s note: At the time of publication, the attacker had sold $700k in stolen NFTs. That number rose to $1.7 million just twenty minutes later. This number continued to rise in the hours following. All in all, two hundred and fifty-four tokens were stolen over roughly three hours.<\/p>\n The move wasn\u2019t caused by a generalized smart contract exploit; rather, it\u2019s a latent phishing attack. The hacker appeared to be using a helper contract that was deployed 30 days ago to call an OS contract deployed over four years ago, with valid atomicMatch data (for those interested in a full technical breakdown, here\u2019s a more detailed overview).<\/p>\n In a tweet posted a half-hour after users initially noted the activity, OpenSea confirmed the rumors, stating that the event appeared to be a phishing attack originating outside of OpenSea\u2019s website. 
In the post, the company urged users not to click any links outside of the official site.<\/p>\n Several hours later, at 11 pm EST, OpenSea co-founder and CEO Devin Finzer took to Twitter to clarify exactly what happened. Finzer reiterated that, according to internal investigations, it was a phishing attack, and he stated that at least 32 users had signed a malicious payload from the attacker. Beyond that, he noted that the company was still searching for answers. \u201cWe are not aware of any recent phishing emails that have been sent to users, but at this time we do not know which website was tricking users into maliciously signing messages,\u201d he said.<\/p>\nAn old bug and new update collide<\/h2>\n