The world’s largest NFT marketplace, OpenSea, is at the heart of a phishing attack that occurred on Feb. 19. OpenSea says that the hack isn't active anymore, but NFT traders want to know if their assets are safe.
Here’s what we know about who the exploit impacted, how OpenSea is handling it, and whether the NFT marketplace is safe to use moving forward.
What happened during the OpenSea NFT hack?
A hacker reportedly stole 17 NFTs out of wallets in the OpenSea ecosystem. The hack is a result of a targeted phishing attack, not a site-wide hack. Originally, OpenSea reported that 32 NFTs were stolen, but provided an update that only 17 NFTs have been stolen.
“Our original count included anyone who had *interacted* with the attacker, rather than those who were victims of the phishing attack,” OpenSea wrote in a tweet on Feb. 21.
The interesting thing? Droves of people are taking to social media to share that their NFTs have been stolen—and it’s much more than 17 people doing so. The true scope of the theft isn't known.
According to reports, the hacker posed at OpenSea and drained users’ wallets. The hacker stole valuable NFTs and liquidated them for cryptocurrency like Ether (ETH). NFTs trade on the Ethereum blockchain.
OpenSea reported that the phishing exploit isn't active because the hacker has been away for more than 25 hours.
How much are the stolen OpenSea NFTs worth?
Due to the plethora of social media reports, it still isn't clear whether OpenSea is reporting an accurate scope of the NFT exploit.
Some of the confirmed NFTs that the hacker ran off with were very valuable, including tokens from collections like Bored Ape Yacht Club and Mutant Ape Yacht Club.
In an unexpected move, the hacker did return some NFTs. However, the total amount is still under investigation. Reports say that the hacker has made off with anywhere from $1.7 million–$2.9 million or more from the confirmed NFTs. The hacker earned ETH by selling stolen NFTs on OpenSea.
Is OpenSea safe to use after the NFT phishing attempt?
The OpenSea vulnerabilities that allowed the phishing attempt to take place are still under investigation. While the hacker targeted users and not the site, NFT traders still expect an extra layer of security for high-value assets in an unregulated market.
The biggest issue is that OpenSea doesn't have coding in place to prevent the reselling of stolen assets. This isn’t the first time that a hack has happened on OpenSea. In January, hacker bots stole work from unknowing artists and sold the art as NFTs on OpenSea. The platform will have to implement additional checks and balances before NFT sellers are able to cash out on their coins, which is a difficult intervention in a decentralized arena.
Is OpenSea safe to use after the exploit? Most users haven't been impacted, but the unregulated NFT landscape is undeniably wrought with vulnerabilities. This could give traders pause before holding NFTs in their wallets through OpenSea.