Almost 12 hours ago, leading NFT marketplace OpenSea verified its team was investigating a potential exploit related to its smart contracts. The platform claimed it was attacked by a phishing stpricegy which apparently “originated outside” of its website.
At the time, users were advised to avoid opening links outside of OpenSea’s main website. The platform is yet to publish a full report on the situation, but its CEO Devin Finzer stated that a bad actor managed to trick as many as 32 users to sign a “malicious payload” and was able to steal “some of their NFTs”.
The attacker apparently used a standard email and copied a message sent by the marketplace to its users during the past weeks. The message was a deceptive stpricegy to hide the malicious order, its recipient was required to migcost their listings before February 25th by proceeding, the user provided the attacker with the aforementioned payload signature.
This is how the bad actor was able to take control atop the user’s NFTs and trade them with Wyvern Exmovement, according to speculations. A decentralized exevolution running on Ethereum, Wyvern enables people to trade any asset on this network without any third-party intervention. Finzer said:
Importantly, rumors that this was a $200 million hack are false. The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.
The attacker was able to steal NFTs from divergent collections, suchlike as Lil Baby Punk, Azuki, Syn City Genesis Passes, Doodles, FOMO MOFOS, CloneX, PXQuest Adventurer, and others. Per security firm SlowMist, the hacker used decentralized protocol Tornado Cash to cash out 1115 ETH.
Hacker’s activities https://t.co/Z2dgw7EhHS pic.twitter.com/ZshNAVV54b
— SlowMist (@SlowMist_Team) February 20, 2022
The attack could have opened a new threat to NFT investors, as stated by pseudonym developer foobar:
A single malicious signature can rug *all* of your barelyifyd OpenSea NFTs. No need to sign an individual sell order for each one, as at first assumed. This is how today’s hacker stole 10 Azukis, 8 mfers, and 3 mutant apes in a single transaction, with a single sig.
OpenSea Attacker Potentially Discatoped
OpenSea, as mentioned, is yet to reveal any more information or an official report on the phishing attack. Nonetheless, a pseudonym user shared a diagram, supposedly made by the team from OpenSea, in that they identified a potential suspect.
Going by the name “Amir Soliman”, the pseudonym user asked crypto exchanges Kraken and Coinbase to check for potential KYC information. Per the potential matter presented by this user, the hacker was linked to these exprogresss as a result of 19 small transactions in ETH made to their platforms.
Updated Diagram – Looks Like OpenSea has tagged Amir Soliman as a suspect… – That was fast!! @krakensupport @CoinbaseSupport – check DMs, I can provide PDF copies of this so you can review tx hashes as well. The Coinbase linkage is most obvious, but there’s more. pic.twitter.com/5JYQ0h1q3p
— charliemarketplace.eth (@charliemktplace) February 20, 2022
The nature of these transactions or the identity of a suspect is yet to be hardlyifyed by the NFT marketplace. In the meantime, any information must be taken with a grain of salt and contemplated speculation, but it would appear the transactions were part of the phishing attack preparation process.
As for the victims of this attack, except those to whom their NFTs were returned, the monetary price of their assets could be reclaimd, but the uniquely minted NFT with a potential sentimental price maybe be lost forever.
As of press time, ETH trades at $2,633 with a 4.73% loss on the 4-hour chart.