Hackers are purportedly targeting high-value NFTs on the OpenSea marketplace. Hackers are actively stealing NFTs and flipping them for a profit on OpenSea, the world’s largest NFT platform, according to reports. NFT holders across the board are in turmoil. This attack on the OpenSea occurred shortly after it was disclosed that bad actors may steal NFTs using outdated stated prices without the owner’s awareness owing to a fault in the code.
Despite the fact that OpenSea has yet to discover the hack, the marketplace has issued a warning to its consumers via its website and Twitter.
“We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of opensea.io.”
Because all blockchain transactions are available to everyone, the attacker was able to transfer many NFTs from different users to their own addresses without paying for them. The popular Bored Ape Yacht Club and the Mutant Ape Yacht Club own some of these NFTs. The hacker also took an NFT from the Azuki collection, which he later sold for 13.4 ETH ($36,000).
The attacker still has roughly 600 ETH in his wallet, which is worth a whopping $2 million. The attacker is also behaving strangely, since it returned numerous NFTs stolen from a single victim in one occasion. However, among the stolen NFTs was a BAYC NFT, which the market has frozen.
The most recent smart contract on OpenSea aims to address the problem of dormant listings, which allowed criminals to steal NFTs from collectors by paying a small fraction of the previously listed pricing. Many NFT holders on the site had unknowingly lost their NFTs at a fraction of their current value as a result of this error.
To fix the problem, the marketplace is now requesting that customers switch to the new smart contract. However, it appears that users of this platform are still in risk, as a new threat has emerged. A hostile agent is phishing consumers using a false page that looks exactly like the one produced for the smart contract upgrade.
Users who aren’t aware of the differences are mindlessly following the bogus page, resulting in the loss of personal information as well as valuable NFTs. This is not an OpenSea breach, but rather a phishing issue, according to Ethereum core developer Hudson Jameson.