$1.6 million worth of NFTs stolen from OpenSea users

Thirty-two accounts attacked and 254 NFTs stolen, worth 641 Ether (ETH), or approximately 1.6 million dollars: that is the toll of the theft suffered by users of the OpenSea platform on the evening of February 19. The method used by the hacker(s) remains unclear.

Some very valuable NFTs have disappeared

Among the stolen tokens, some belonged to the Bored Ape Yacht Club collection, one of the most valuable since the arrival of NFTs. Others belong to the Azuki collection: one of them was reportedly resold immediately for 13.4 ETH, around 34,700 dollars at the current price of the cryptocurrency.

The theft reportedly resulted from a hack that took place between 5 p.m. and 8 p.m. on February 19. It caused real panic in the small world of NFT followers. A Space brought together 3,700 panicked people from the start of the attack. The affected platform, OpenSea, has grown explosively with the success of NFTs and is now valued at around $13 billion.

Hours later that night, OpenSea co-founder and CEO Devin Finzer posted several tweets. He explained, “We are convinced it was a phishing attack,” while admitting, “We don’t know where the phishing happened.”

The CEO of OpenSea says the attack did not originate from the site, its registration systems, or emails from the company. He adds that he contacted the victims of the hack and that none seem to have received or clicked on suspicious links before having their precious NFTs stolen.

While phishing seems certain, the details of the attack remain very vague. The Verge reports the exploitation of a flaw in the Wyvern protocol, which underlies most NFT contracts, including those on OpenSea. The victims reportedly signed a partial contract, which the attacker then completed in order to transfer the NFTs free of charge.

The attack is external to OpenSea, understood?

OpenSea Technical Director Nadav Hollander confirmed: “All malicious commands contain valid signatures of affected users, indicating that they signed a command somewhere, at some point.”

He ruled out the possibility that an update to the OpenSea contract system, in progress at the same time, was responsible for the situation. That hypothesis was considered for a time, then rejected because of the low number of victims.

One question remains: how did the hacker convince or deceive his victims to obtain their signatures? That remains a mystery. Devin Finzer said he was working “actively with users whose items have been stolen to narrow down a set of common websites they have interacted with that may be responsible for malicious signatures”.

Since the Twitter thread from OpenSea's CEO and CTO on February 20, in which each strongly insisted on the external origin of the attack, no new information has been published. OpenSea is offering assistance to victims of the hack who want it.


