NFT Phishing Hack 🎣

NFT Phishing Hack

NFT marketplace OpenSea is investigating a “phishing attack” that no longer appears to be active, the company’s chief executive said late Saturday.

On Saturday, attackers stole hundreds of NFTs from OpenSea users, causing a late-night panic among the site’s broad user base. A spreadsheet compiled by the blockchain security service PeckShield counted 254 tokens stolen over the course of the attack, including tokens from Decentraland and Bored Ape Yacht Club.

​​“We don’t believe it’s connected to the OpenSea website,” Devin Finzer, who is also its chief executive officer, said on Twitter. “It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”

OpenSea was in the process of updating its contract system when the attack took place, but OpenSea has denied that the attack originated with the new contracts. The relatively small number of targets makes such a vulnerability unlikely, since any flaw in the broader platform would likely be exploited on a far greater scale.

Based on the findings of PeckShield, a blockchain security company that audits smart contracts, the rumored exploit was “most likely phishing,” which is when a malicious contract is hidden within a spoof link.

One of the possible sources of the link, according to the company, was the same mass email about the migration process that was sent out earlier.

The attacker’s wallet contains 641 Ethereum, which is worth approximately $1.7 million, as well as a selection of NFTs that have been stolen.

I am not a financial advisor and my comments should never be taken as financial advice. Investments come with risk, so always do your research and analysis beforehand.

Share:

More Posts

What is a kids brokerage account?

23 March, 2023

A kid’s brokerage account is more accurately called a custodial account. This is a brokerage account that parents or legal guardians can open on behalf of their child.

Load More
Get your daily Invstr Crunch

Get the market news and updates you need, delivered to your inbox or available on our daily podcast.

Facebook Twitter Youtube Instagram Snapchat Tiktok
learn
products
plan
Who we are
blog

Risk Disclosure:

Invstr is not a bank and banking services are provided by Vast Bank, N.A.

Brokerage and Banking services are currently only available to U.S. residents.

Invstr app and web services are provided by Invstr Ltd. Advisory services are provided by Invstr Financial LLC, an investment adviser registered with the Securities Exchange Commission (SEC) details of which can be obtained here. Securities brokerage and custody services are provided by Apex Clearing, a broker dealer registered with the SEC and a member of FINRA and SIPC. There is no bank guarantee on securities and securities may lose value.

Investing involves risk and can lead to losses. Past performance does not guarantee future results.

Invstr app and web services are provided by Invstr Ltd. Invstr+ advisory services are provided by Invstr Financial LLC, an investment adviser registered with the Securities Exchange Commission (SEC). Securities brokerage and custody services are provided by Apex Clearing, a broker dealer registered with the SEC and a member of FINRA and SIPC. There is no bank guarantee on securities and securities may lose value. Vast Bank N.A. a nationally chartered bank and member of the FDIC, provides the banking products, including the products and services related to digital asset accounts. As with any asset, the value of Digital assets can go up or down and there can be a substantial risk that you lose money buying or holding digital assets. You should carefully consider whether trading or holding Digital assets is suitable for you in light of your financial condition. Your digital account does not support wallet to wallet transferring of your digital assets (i.e. cryptocurrencies) outside the platform. Any Digital Assets in your digital asset account are not insured by any government entities, including but not limited to FDIC or SIPC. The Invstr Visa® Debit Card is issued by Vast Bank, N.A. pursuant to a license from Visa U.S.A Inc and may be used everywhere Visa debit cards are accepted. Invstr Ltd, Invstr Financial LLC and Invstr Securities Ltd are subsidiaries of Marketspringpad Holdings (collectively “Invstr”) and Invstr is solely responsible for the application services and website content.

Watchlists provided when users first access the service are not a recommendation to invest. Instead they are provided to help users better navigate the service. Users are free to edit and create their own watchlists. From time to time, Invstr will suggest instruments solely based on an individual’s interest and the interest levels of the Invstr community.The statistical and portfolio builder models generated by Invstr do not reflect actual investment results and are not guarantees of future results.Comments provided by Invstr leaders, influencers or members of the Invstr Community are not recommendations and should not be construed as such.Invstr does not endorse the content or the positions posted by them. Their investment approach, and that of the models provided by Invstr, may be different from yours and may not be appropriate for you.