Last Updated on 23/02/2022 by Nidhi Khandelwal
OpenSea, a non-fungible token (NFT) marketplace, is investigating a phishing assault that resulted in 17 of its users losing over 250 NFTs worth roughly $2 million.
NFTs are data kept on a blockchain, in this case Ethereum, that certifies ownership of digital files, generally artwork media files.
OpenSea is a peer-to-peer NFT marketplace that also allows traders to trade rare digital products and crypto collectibles. It is now valued at $13.3 billion and is regarded as one of the largest in the world.
Phishing actors are always seeking for new methods to exploit changes that force users to respond, and the OpenSea NFT theft is no exception.
The phishing actors were aware that OpenSea was upgrading its smart contract system to remove old and inactive listings on the platform, according to Check Point researchers, who prepared for the migration with their own emails and websites.
Users of OpenSea were notified that they needed to update their listings between February 18 and February 25 in order to continue utilizing the site.
To assist them, the platform sent out emails to all users with advice on how to confirm the listings’ migration.
The phishing actors took advantage of this process and sent the message from OpenSea to authenticated individuals using their own email addresses, fooling them into thinking their original confirmation had failed.
The phishing email included a link to a phishing website where victims were asked to sign a transaction ostensibly related to the migration.