OpenSea phishing scam swindled millions in NFTs

(Image credit: Thianchai Sitthikongsak/Getty)

It’s hard to tell if stolen is really the right word, but over the weekend a phishing attack has seen at least 32 users lose NFTs they paid for on the popular trading site, OpenSea. 

According to The Verge, most of the attacks took place just last Saturday between 5PM and 8PM ET. The result appears to be about 254 tokens removed from the wallets of those who purchased them on OpenSea. The total value of stolen tokens is said to be over $1.7 million, based on the Ethereum the phishers have gained by selling off the liberated NFTs.

Tips and advice

The Nvidia RTX 3070 and AMD RX 6700 XT side by side on a colourful background

(Image credit: Future)

How to buy a graphics card: tips on buying a graphics card in the barren silicon landscape that is 2021

Initially there was panic among the OpenSea community about how the attack took place, but the site's CEO Devin Finzer has confirmed it’s likely separate from the platform. Instead, it appears to be a bit more like your traditional email phishing scheme but for the NFT space. 

All NFTs transfers had technically been signed off using the seller's unique signatures, but they were likely tripped into filling it out on something inconspicuous, not knowing what it would be used for. It’s a lot like email phishing schemes with fake links to plausible looking websites that steal your passwords. 

Finzer states that the account responsible has stopped engaging in any malicious activity and has even given some of the NFTs back. But these have always been a bit of a weird and risky game to get into. One of the most famous NFT swindles saw the Evolved Ape NFT creator run off with $2.7 million in his pocket without delivering on future promises, namely the fighting game that was always meant to accompany the ape avatars.

NFTs also commonly involve stolen art, with people often trading images they’ve just copied off the internet and don’t own any intellectual rights to. The NFT marketplace Cent had to stop transactions due to the rampant counterfeit digital assets, and OpenSea is no stranger to these issues either. The website offers a free tool for users to mint NFTs and had to limit it after finding that over 80% were plagiarism or scams. Many artists have had their works uploaded against their wishes by random users trying to make a quick buck.

If it's possible to arbitrarily own a jpeg on the internet that’s only purpose is to promote artificial scarcity and sell for profit then I suppose it’s also possible to have it stolen. It’s just hard to tell which of these concepts should actually be considered a crime.

Hope Corrigan
Hardware Writer

Hope’s been writing about games for about a decade, starting out way back when on the Australian Nintendo fan site Since then, she’s talked far too much about games and tech for publications such as Techlife, Byteside, IGN, and GameSpot. Of course there’s also here at PC Gamer, where she gets to indulge her inner hardware nerd with news and reviews. You can usually find Hope fawning over some art, tech, or likely a wonderful combination of them both and where relevant she’ll share them with you here. When she’s not writing about the amazing creations of others, she’s working on what she hopes will one day be her own. You can find her fictional chill out ambient far future sci-fi radio show/album/listening experience podcast right here. No, she’s not kidding.