Opensea phishing scandal reveals a security need across the NFT landscape

Despite the ongoing volatility plaguing the digital asset sector, one niche that has undoubtedly continued to flourish is the nonfungible token (NFT) market. This is made evident by the fact that a growing number of mainstream mover and shakers including the likes of Coca-Cola, Adidas, the New York Stock Exchange (NYSE) and McDonalds, among many others, have made their way into the burgeoning Metaverse ecosystem in recent months.

Also, owing to the fact that over the course of 2021 alone, global NFT sales topped out at $40 billion, many analysts expect this trend to continue into the future. For example, American investment bank Jefferies recently raised its market-cap forecast for the NFT sector to over $35 billion for 2022 and to over $80 billion for 2025 — a projection that was also echoed by JP Morgan.

However, as with any market growing at such an exponential rate, issues related to security have to be expected as well. In this regard, prominent nonfungible token (NFT) marketplace OpenSea recently fell victim to a phishing attack that took place just hours after the platform announced its week-long planned upgrade to delist all inactive NFTs.

Diving into the matter

On Feb 18, OpenSea revealed that it was going to initiate a smart contract upgrade, requiring all of its users to transfer their listed NFTs from the Ethereum blockchain to a new smart contract. Owing to the upgrade, users who failed to facilitate the above said migration stood at a risk of losing their old and inactive listings.

That said, due to the small migration deadline provided by OpenSea, hackers were presented with a potent window of opportunity. Within hours of the announcement, it was revealed that nefarious third party individuals have initiated a sophisticated phishing campaign, stealing NFTs from many users that were stored on the platform before they could be migrated over to the new smart contract.

We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack…


Read More

Recommended For You

Leave a Reply

Your email address will not be published. Required fields are marked *