OpenSea, the leading marketplace for non-fungible tokens (NFT), announced an update to the service on Saturday, prompting users to migrate their listed assets from the Ethereum (ETH) blockchain to a newly created smart contract.
However, in the hours that followed, 32 platform users fell victim to an email phishing attack that resulted in $1.7 million worth of ETH being stolen from an anonymous entity.
OpenSea CEO Devin Finzer released a thread of tweets explaining that the breach was orchestrated by fake email scams assuring users of their OpenSea identityby convincing them to sign a digital message with their wallet, thereby unknowingly granting a transferable license to the hacker’s assets.
CTO Nadav Hollander also tweeted that “none of the malicious orders against the new contract (Wyvern 2.3) were executed.indicating that they were signed before the migration and are unlikely to be related to the OpenSea migration flow.”
As a result, Hollander called for more security education in the Web3 space, particularly around off-chain message signing.
Here’s a technical deep dive on recent events from our CTO: https://t.co/2x2CBBCNtY
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
Here is a technical summary of the latest developments from our CTO:
Three of the missing NFTs belonged to the popular Azuki NFT collection. The project with 10,000 avatars focuses on cultivating an inclusive Metaverse community composed of artists and Web3 advocates.
The project was inspired by the azuki bean – also known as adzuki bean – an East Asian culinary staple as well as an auspicious message in Japanese culture. References to the ingestion of the red bean and the next BEAN token demonstrate this intent. Azuki currently has a floor price of 11.79 ETH, which is $32,155.
In a philanthropic turn of events, the NFT Market Mintable bought three of the Azuki from up-and-coming OpenSea competitor LooksRare for 0.2 ETH below the reserve price and now intends to reunite them with their original owners.
Mintable founder and CEO Zach Burks openly criticized OpenSea’s lack of response to the hack.with the words: “Unfortunately, it seems that even though they have over $1 billion in cash, they can’t afford their users a $1.7 million refund.”
Burks announced that Mintable is working with the Azuki team and product manager Demna to find a suitable solution for the incumbents, with the NFTs expected to be returned to their rightful owners in the coming days.
When we bought Azukis for our sale this weekend (underfloor sale for free profit to users), we spotted some of the stolen ones @AzukiZen from the opensea hackb…
We decided to buy them and return them to whoever they were stolen from. Here’s what happened
— Zach Burks (@ZachSpaded) February 23, 2022
As we were buying Azukis for our underground sale to benefit users this weekend, we spotted some of the @AzukiZen stolen by the opensea hack…
We decided to buy them and return them to whoever stole them. That’s what happened
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information contained herein should not be construed as financial or investment advice. All investment and trading movements involve risk and it is the responsibility of each person to conduct their proper research before making any investment decision.
Investing in crypto assets is not regulated. They may not be suitable for retail investors and you may lose the entire amount invested. The services or products offered are not intended for and are not accessible to investors in Spain.