NFT Marketplace OpenSea Hacked, $200 Mn Loss Reported, 254 NFT Tokens Stolen

New York City – Let’s talk about something very interesting and intriguing that has taken place. Now, Hundreds of non-fungible tokens were stolen from OpenSea users on Saturday 19 February. Sparking rumors that the world’s largest NFT marketplace was hacked, and $200 million was lost in value. Devin Finzer, co-founder and CEO of OpenSea clarified on Twitter that it was apparently a phishing scam directorate, 32 individual users, and not connected to the NFT marketplace itself.
This list was narrowed down to just 17 users for our readers to understand phishing is a type of a cyber-attack where the attacker sends a fraudulent message designed to trick people into revealing sensitive information, which can then be used at other places and times. What exactly does this mean for the NFT marketplace. In the past also, we’ve had a lot of discussion and conversation with regards to NFT, with regards to, of course, cryptocurrencies in India.
This is a very nascent industry, as we, you know, globally are making a shift to a more digital way of living, and especially a more digital way of spending our money or storing our money. This is not just something that affects cryptocurrency, digital hygiene, understanding cybersecurity, understanding that while something like the blockchain is essential, for the lack of a better sort of this thing, it is almost unhackable.
There are loopholes that criminal elements are always going to sort of being one step ahead of people to try to sort of catch you in or trap you in, for instance, what has happened, or what seems to happen with the Opensea Phishing incident that just took place in the open sea as a platform has recently or they recently announced that they wanted all of their users to migrate to an on-chain contract, which essentially means that you will no longer be on the Open Sea smart contract.
But you as the individual artist or the individual Creator would have your own contract on the blockchain on the Ethereum blockchain. Now, what happened at this point is obviously Open sea as the sort of the platform that is asking their users to do this sent out emails to people saying this is when you need to do this spy.
And what seems to have happened is somebody and usually, these phishing scams are very, very sort of intricate, and they’re very well done because the difference between what Opensea has sent you and what they have sent you is probably going to be as little as 0 and O just replacing each other in what otherwise seems like a perfect open sea link.
In fact, we’re doing this in the space all the time, because we are educating people on web three protocol and how to actually navigate the space is, if you receive a link from anyone, literally anyone, even your closest friend, pick up the phone, check with them. Did you send me this? Because if they did not, or I mean, if it’s the case, like Open Sea, or any of the other platforms, reach out to them directly.
Ask if someone from their team actually reached out to you. Because if you don’t, that’s how these guys are going to get you. That’s they cannot hack what you own, but you click on a link. But as a kid, if you watched vampire movies, and they said, If a vampire comes to your door, you have to invite them in. These guys are the vampires until you don’t invite them in by clicking on the link, they cannot enter. So that is like the most basic bit of sort of cyber hygiene I can offer right now.
You see the problem with this whole smart contract business and you know, crypto transitions is that it is a one-click transfer, there are no confirmation modules. So, there are no secondary checks or so, you know, something like two factors or an alert or an SMS modification, there is nothing like that.
Whatever the secondary authentication checks are in place are there at the end of Portal like, you know, you have exchanges in India like you have platforms like Opensea. So, to log in onto that portal, you have some authentication mechanism, but actually on the actual wallet or, you know, store where your NFT or Crypto are held, are, you know, just one click delivery. So once somebody has access to your private key or token they can just transfer the entire NFT or triple your money in just one shot, one go without any authentication or confirmation.
Related:-
- FIR Registered Against Actor Sonu Sood In Moga, Punjab, Booked For Violating Poll Code Of Conduct
- Indian Citizens Asked To Leave Ukraine, Indian Embassy Issues Advisory
- Bird Flu Reported In Mumbai, Virar, Thane & Palghar Area, 2,300 Chickens Killed So Far
- Andhra Pradesh Minister Gautham Reddy Passes Away, Suffered Cardiac Arrest
- Indian Railways Connects Its Longest Rail Tunnel, 12.75 Km-Long T-49 On Katra-Banihal Section
Now, what has happened here is that OpenSea had sent out an email to several of his users that they are migrating to a new smart contract. And within a, you know, similar span of time, another fake phishing email was received, which took people to a different, you know, fake, smart contract website, and a function called atomic match was triggered, which could allow hackers to just steal all the NFT’s of the user in one click, one go without any further secondary mechanism in an automated way.
Now, this has happened in a very small span of up to three hours. So the question here is that somebody I think, knew that smart contract mail was coming up, somebody was ready with the entire, you know, phishing mechanism, somebody timed it so well. So this could not have been having happened without any insider threat or insider information.
So in my opinion, apart from you know, this phishing mechanism or advisory with Opensea and putting out, they also ought to investigate whether somebody inside open sea was involved, and somebody knew that what time emails will come how users I mean, you know, to create a phishing website, it is easy, but to time it so well. And that too, for us, there are millions of websites around the world, you don’t create phishing for everyone. I mean, somebody had a phishing setup of OpenSea are ready and the time it had mixed it Well, with this smart contract email.
So somebody had prior information, I believe over here. And usually, I mean, the Opensea, of course, is a very reputed portal. But if you look at other, you know, crypto exchanges, or crypto houses, we have seen in the past, that, you know, some platforms, fake hacks, and, you know, claim that money or crypto has been stolen, which are actually marketing that seems to collect money from people in one day you get up and say that we have been hacked, we have lost all the money.
And in reality, the owners or the employees of this exchange of actually, you know, sipping of the money and users are left with no discourse, because it is not legal here in India. So I hope that this is not a market exit scheme. I hope the first of all, the hack is genuine and there is no insider involved from the Opensea side to open it has to also figure out how can somebody time it so well, without any inside information? That is a question we must ask.
Third, it is also a lesson for ordinary users that look, if you are getting into this business like crypto and NFT you have to be very, very technically smart. I mean, because there are no secondary checks. There are no regulators there are no there are legal recourses or remedies available. So somebody if they have your private key or somebody has access to your atomic tokens, your NFTs will go and these transactions are irreversible.
Image via – OpenSea.io



