Over the long weekend, somewhere between 17 to 32 users of the well-known NFT marketplace, OpenSea, opened up their ETH wallets to a horrifying discovery: some of their beloved jpegs, "worth" somewhere in the neighborhood of $2 Million collectively, were gone.
2) The attack does not appear to be active at this time. There has been no activity on the malicious contract in >15 hours.— OpenSea (@opensea) February 21, 2022
OpenSea CEO David Finzer is adamant that the site itself, which happens to be migrating to a new smart contract system right now, was not the origin of the attack -- i.e. nobody hacked the website itself -- and that it appeared to be a 'phishing attack' -- i.e. the users themselves mistakenly exposing their information to attackers in some other way.
Where is my Ape??? I lose it ...!!!!!Whats happened??????? pic.twitter.com/AkGPLq0LAS— Singravedadcanarias (@SingravedadMarK) February 21, 2022
While crypto bros initially estimated the total value of the stolen NFTS at somewhere around $200 million, the generally consensus is somewhere around a more modest $2 million. Many of the general public, on the other hand, estimate the total value of the stolen jpegs to be somewhere in the neighborhood of $0.00.
Oddly enough, it appears that the attacker -- whose ETH wallet is easily identified on the Ethereum blockchain -- inexplicably returned some of the NFTs to a few of the victims as well as sent a few others large sums of money, including one payment of $50,000.
So many NFT promoters saying the OpenSea hack was just phishing so nothing to worry about. Can someone explain sociotechnical systems to them please?— Rich Burroughs (@richburroughs) February 20, 2022
The latest attack comes in the wake of serious contention about the state of the NFT market. With one of the main purported benefits of NFTs at the start of the craze early last year being their impregnable security, the latest in a long-list of recent NFT heists becomes a little harder to square.