The world’s largest NFT exchange states it is actively investigating rumors of an exploit.
It appears a hacker or set of hackers were able to find and exploit a vulnerability within OpenSea allowing them to steal and then resell NFT’s. The blockchain security service “PeckShield” recorded 254 NFT’s were stolen including higher value tokens from Bored Ape Yacht Club, Decentraland and others. The attack has caused disarray and panic for the larger NFT community. The majority of the attacks occurred between 5 and 8pm ET and targeted 32 OpenSea users.
The hack seems to have exploited a vulnerability within the Wvern Protocol, which is the the open-source standard used by most NFT smart contracts.
OpenSea Co-Founder and CEO, Devin Finzer acknowledged the phishing attack, confirming that 32 users have lost NFTs so far. He stated that his team was “running an all hands on deck investigation”. Earlier this morning, Finzer reiterated his belief that this was a phishing attack. “We have confidence that this was a phishing attack,” he wrote.
He also stated rumors that this was a $200 million hack are false and the attacker “has $1.7 million of ETH (Ethereum) in his wallet from selling some of the stolen NFTs. The OpenSea CEO urged any users affected by this attack to directly message him on Twitter.