After a recent hack that stalled OpenSea’s planned upgrade, the leading NFT marketplace is currently examining the factors that led to the “phishing attack” while announcing some key updates with respect to the incident via their official Twitter handle.
The thread also read that the list of affected individuals was numbered 17, and not what was previously mentioned as 32. The attack according to the firm’s observation did not appear to be active after the incident as there has been no activity on the malicious contract for more than 15 hours.
Refuting claims that its website’s code was breached, the platform’s chief executive Devin Finzer said in an earlier tweet on 20 February that
“We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen. NFTs, or non-fungible tokens, have surged in popularity over the past year.”
In a series of tweets, Finzer dismissed rumors that the hack incurred a loss of $200 million. The chief exec also said the hacker “has $1.7 million of ETH in his wallet from selling some of the stolen NFTs. And that some of the stolen NFTs have never been returned.
Finzer in a separate tweet mentioned that he and his team got in touch with “dozens” of individuals across the NFT space, and confirmed that this was a phishing attack.
Furthermore, he announced that Opensea was actively “working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures.”
Critics slammed OpenSea’s ‘phishing’ claims
That being said, not all seem to back up the claims. One user who goes by the name- Mr. Whale in a tweet, posted a few hours after the breach, said that “over $200M [was] lost already.”
Another user named Jacob King also chimed in by rejecting Finzer and Opensea’s phishing attack claim. The user stated that a “flaw in their code led to one of the largest NFTs exploits in history.”
As previously reported by TronWeekly, OpenSea announced an upgrade on their smart contract on 18 February 2022 that aimed at removing inactive listings on the platform. It required users to migrate their listed NFTs from Ethereum blockchain to the new smart contract.
But just a few hours following the announcement, multiple reports emerged of an ongoing large-scale attack that targeted the soon-to-be-delisted NFTs.