OpenSea is now investigating a phishing attack.
Phishing Attack on OpenSea — Still Active?
OpenSea is still investigating the attack but it appears that it’s no longer active. The company’s chief executive stated that the attack it’s not connected to the website.
According to Devin Finzer, OpenSea’s chief executive:
“As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”
He added that some of the NFTs have been returned.
Users might have received emails that look like an official message from OpenSea to trick them into moving their NFTs into another person’s wallet. The address now has a balance of 641 ETH, which is worth more than $1.7 million.
The hacker picked an optimal time to phish. Then, on Friday, the platform released a new contract so that users could migrate their holdings. The new smart contract aims to prevent a type of exploit. However, holders might sell their assets unwittingly at bargain-basement prices.
The chief executive urged its users to always verify if the site they’re visiting is the official OpenSea website, which is opensea.io.
The NFT Security
Non-fungible tokens (NFT) are virtual assets that can be tracked on the blockchain. Every virtual asset has a unique nature.
Its popularity grew over the past year. However, its security is questionable considering that it’s a novel technology. Thus, experts regard its safety as not high enough to guaranteed absolute security.
A scam is one of the risks related to investing in NFT. Malicious actors can easily impersonate popular platforms or wallets to steal users’ private data to access their virtual assets.
Malicious actors can impersonate well-known NFT creators. Then, they sell fake certificates of ownership. Some artists don’t know if their works are being sold without them knowing it.
Any person can tokenize the content the other people have created.
NFT security relies on centralized platforms to protect the private keys of all assets. Even if the platforms have the most advanced security measures, users could still fail to secure their passwords and private data. Thus, malicious acts could easily steal their NFTs.
Art lovers, for instance, could purchase NFTs but they could be inaccessible. The reason for this is that the artwork isn’t actually logged into the blockchain because it is stored anywhere else.
A serious NFT risk has something to do with intellectual property. The traditional law can’t be applied to a decentralized blockchain. When you buy an NFT, you can’t easily verify whether or not the seller is the actual owner of it. Malicious actors can just sell photos of NFTs or users can buy the right to use the NFT and not the IP rights.
Compared to cryptocurrencies, NFTs don’t have a monetary value. You can’t divide them into subtokens. However, both virtual assets are subject to security risks. The risks will just keep on growing in the future because of their rising popularity.