Millions of dollars worth of NFTs stolen from OpenSea users

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Dozens of NFT owners have lost $1.7 million worth of digital art in after being tricked in a cyber scam.

Users of the online NFT platform OpenSea were targeted by criminals, who used a technique known as phishing to get the owners to sign over the digital assets.

Blockchain security firm PeckShield recorded 253 tokens stolen during a three-hour period on Saturday evening, impacting 32 different OpenSea users.

Among the NFTs stolen were tokens from metaverse marketplace Decentraland and Bored Ape Yacht Club.

The phishing attack appears to have exploited a smart contract standard known as the Wyvern Protocol, which saw victims essentially sign a blank check for the attackers.

Phishing is one of the oldest forms of cyber attacks, though security experts have warned that they are constantly evolving and becoming increasingly sophisticated.

“Criminals are getting smarter and can still gain results from older, proven attack vectors,” David Mahdi, chief security officer at cyber security firm Sectigo, told The Independent.

“In the case of a phishing attack, it is no longer enough to watch out for crudely worded emails – recipients must also consider context, content and sender, particularly if financial transactions are involved.”

OpenSea is still investigating the attack, though has denied that its platform was compromised at any time.

“The attack did not originate on opensea.io,” tweeted Devin Finzer, CEO and co-founder of the NFT platform.

“We’re actively working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures.”