Activity on OpenSea, the world’s largest marketplace for digital collectibles, likely dropped precipitously after a phishing attack that saw traders lose as much as an estimated $3 million.
An unidentified hacker stole 254 tokens from OpenSea users by sending a malicious email asking them to transfer their assets to a new contract. Around 17 traders signed the contract, which effectively acted as a blank check, giving the hacker access to all of the NFTs stored in their wallets.
Some of those assets have since been sold, netting the perpetrator a hefty gain. Devin Finzer, OpenSea’s chief executive officer, valued the total amount stolen at $1.7 million on Sunday, but researchers have since valued the pile at anywhere between $2 million and $3 million.
The stolen NFTs included four Bored Apes, three of which were later sold on rival platform LooksRare for a combined $667,000, according to data from blockchain security service PeckShield.
The number of traders using OpenSea dropped by 19%, to about 227,272, over the last seven days, per DappRadar. Over the same period, trading volume on LooksRare plunged nearly 65%, while volume on BloctoBay rose by more than 215%, according to DappRadar.
“There’s a huge difference between the data hosted on DappRadar, and the graphs you’re using in your story,” OpenSea said in a statement. “It’s wildly irresponsible to draw conclusions in your headline without any technical backing or comparisons to other platforms.
Furthermore, the data in the text of your story does not match the graphs in your story. For more accurate and complete data, please refer to Dune Analytics.”
OpenSea said on Monday that the attacker’s crypto wallet has gone quiet since the theft, with no transaction activity spotted in the last 24 hours.
The marketplace’s Chief Technology Officer Nadav Hollander said the incident demonstrated a need for more awareness about the security issues surrounding off-chain signatures among NFT traders, but noted that the attacker was able to fool their victims because of an ongoing contract migration.
“Education on not sharing seed phrases or submitting unknown transactions has become more widespread in our space. However, signing off-chain messages requires equal consideration,” said Hollander.