It’s hard to tell if stolen is really the right word, but over the weekend a phishing attack has seen at least 32 users lose NFTs they paid for on the popular trading site, OpenSea.
According to The Verge (opens in new tab), most of the attacks took place just last Saturday between 5PM and 8PM ET. The result appears to be about 254 tokens removed from the wallets of those who purchased them on OpenSea. The total value of stolen tokens is said to be over $1.7 million, based on the Ethereum the phishers have gained by selling off the liberated NFTs.
How to buy a graphics card (opens in new tab): tips on buying a graphics card in the barren silicon landscape that is 2021
Initially there was panic among the OpenSea community about how the attack took place, but the site's CEO Devin Finzer has confirmed it’s likely separate from the platform. Instead, it appears to be a bit more like your traditional email phishing scheme but for the NFT space.
All NFTs transfers had technically been signed off using the seller's unique signatures, but they were likely tripped into filling it out on something inconspicuous, not knowing what it would be used for. It’s a lot like email phishing schemes with fake links to plausible looking websites that steal your passwords.
As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.February 20, 2022
Finzer states that the account responsible has stopped engaging in any malicious activity and has even given some of the NFTs back. But these have always been a bit of a weird and risky game to get into. One of the most famous NFT swindles saw the Evolved Ape NFT creator run off with $2.7 million in his pocket (opens in new tab) without delivering on future promises, namely the fighting game that was always meant to accompany the ape avatars.
NFTs also commonly involve stolen art, with people often trading images they’ve just copied off the internet and don’t own any intellectual rights to. The NFT marketplace Cent had to stop transactions due to the rampant counterfeit digital assets (opens in new tab), and OpenSea is no stranger to these issues either. The website offers a free tool for users to mint NFTs and had to limit it after finding that over 80% were plagiarism or scams. Many artists have had their works uploaded against their wishes by random users trying to make a quick buck.
However, we've recently seen misuse of this feature increase exponentially. Over 80% of the items created with this tool were plagiarized works, fake collections, and spam.January 27, 2022
If it's possible to arbitrarily own a jpeg on the internet that’s only purpose is to promote artificial scarcity and sell for profit then I suppose it’s also possible to have it stolen. It’s just hard to tell which of these concepts should actually be considered a crime.