How OpenSea Users Lost $1.7 Million in NFTs to Phishers

Trading activity on OpenSea has taken a nosedive after the phishing attack, dropping more than 70% in the past four days.
Adam Rowe

OpenSea had a bad weekend: 17 users of the popular NFT marketplace lost NFTs to theft, netting the attacker a total of $1.7 million in Ethereum.

The event was far from the first-time tokens have been stolen, but the scale of the loss and the fact that it took place on one of the largest NFT marketplaces makes it stand out.

So how was the digital art heist pulled off, and what does it say about the future of the NFT community?

What Happened

On Friday, OpenSea began a migration to a new smart contract system. The migration won't be completed until February 25, and it made for the perfect opportunity for a phishing attack.

While the details haven't been confirmed, the bad actor in question appears to have tricked some users into signing a partial contract with some portions left blank. Once signed, the contract was then completed with a call to a new contract that transferred ownership of NFTs for free.

The phisher interacted with 32 users, successfully phishing 17 of them to steal a total of 254 tokens over three hours.

How Much Was Lost?

While the concept of NFTs holding value is a little murky due to the speculative nature of the technology, OpeaSea's CEO noted on Twitter that “rumors that this was a $200 million hack are false. The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.”

In other words, the “$1.7 million” price tag doesn't encompass the entire monetary value of the losses, just what the hacker was able to convert to something more spendable.

Since one of the guiding principles behind blockchain is that it renders regulatory authorities unnecessary, those who were tricked out of their NFTs may have little recourse.

NFT Trading Dropped 70%

OpenSea released an “end of day update” on Twitter late yesterday to explain the most recent news surrounding the aftermath of the phishing attack. At the time, they hadn't seen activity from the attacker's wallet in more than 36 hours.

The Twitter thread includes a link to an OpenSea Help Center article that details what a smart contract migration really looks like.

That small comfort may not be enough: Statistics from data provider DappRadar indicate trading activity on OpenSea has taken a nosedive, dropping over 70% in the past four days — from 70,100 transactions to just 19,400 of them.

While that number will likely rise again once the dust clears, the impact on OpenSea's reputation will last far longer. NFTs are one of the tech world's buzziest concepts, but that doesn't mean they're one of the best. If you're in fear for your wallet, don't trust your activity to stay safe just because you have a great VPN — double check everything before you sign a contract.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He's also a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi coming out from Abrams Books in 2022. In the meantime, he's hunting own the latest news on VPNs, POS systems, and the future of tech.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals