Scan to Download ios&Android APP

$1.7m OpenSea NFT hack calls crypto security into question

15:33, 22 February 2022

Share this article
In this article:

Have a confidential tip for our reporters?

A hacker in a hoodie with a digital imprint
Security on decentralised cryptocurrency exchanges is under the spotlight – Photo: Shutterstock

Security on decentralised cryptocurrency exchanges is under the spotlight as a major non-fungible token (NFT) exchange was hit by an attack that saw the equivalent of  $1.7m (£1.2m, €1.5m) stolen during the weekend.

Users of OpenSea, one of the crypto world’s largest NFT marketplaces, was hit by a phishing attack that resulted in NFTs being stolen from certain users of the exchange.

NFTs are unique, non-tradeable ownership receipts for digital assets that are tracked on a specific blockchain (such as ethereum [ETH]) to prove authenticity. They can take the form of a static image, video clip or an animated 3D image.

Twitter response

OpenSea investigated the attack, which it found to be a phishing attack that originated from outside the marketplace.

OpenSea CEO and co-founder Devin Finzer confirmed on Twitter that the attack was not connected to the OpenSea website itself, but involved targeted emails to OpenSea users.

Twitter comment from OpenSea's Devin Finzer OpenSea's Devin Finzer confirms the hack – Credit: Twitter

“As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website,” Finzer said on Twitter.

In a subsequent Tweet, OpenSea had narrowed down the impacted user accounts to 17 from 32.

OpenSea Twitter comment showing the impacted user accountsOpenSea narrows down the impacted user accounts – Credit: Twitter

Phishing attack

Phishing is a form of online fraud where criminals pretend to be a trusted party (such as a bank or senior company executive) and ask a targeted individual for passwords or other key information online.

With more money flowing into digital assets such as cryptocurrencies and NFTs, interest from unfriendly elements and criminal entities has risen.

Also, there are few protections in place for investors as financial regulators have yet to extend their powers into the cryptocurrency space.

Crypto crime

In a recent report, blockchain data firm Chainalysis found that $3bn was stolen from cryptocurrency exchanges in 2021.

A chart showing $3bn stolen from cryptocurrency exchanges in 2021 Chainalysis found that $3bn was stolen from cryptocurrency exchanges in 2021 – Credit: Chainalysis

“As the total value locked in [decentralised finance] climbs to ever-greater all-time highs – $256bn at last peak – so too does the risk of exploitation,” Chainalysis said.

What is your sentiment on ETH/USD?

Vote to see Traders sentiment!

Seven of the 10 largest crypto thefts last year, representing a haul estimated at over $1bn, were carried out on crypto exchanges, Chainalysis found.

A chart showing the 10 largest crypto thefts from exchanges in 2021 The 10 largest crypto thefts from exchanges in 2021 – Credit: Chainalysis

“If there’s one takeaway from the meteoric rise of thefts from [decentralised finance] platforms, it’s the need for smart-contract security and price-oracle accuracy. Code audits, decentralised oracle providers and an altogether more rigorous approach to platform security could be the ideal means to that end,” the data firm said.

Hack analysis

OpenSea chief trade officer Nadav Hollander explained the recent hack in detail on Twitter.

Hollander said: “All of the malicious orders contain valid signatures from the affected users, indicating that they did sign an order somewhere, at some point in time. However, none of these orders were broadcasted to OpenSea at the time of signing.”

It appears OpenSea users received emails that looked like genuine OpenSea Community Updates inviting customers to migrate their ethereum (ETH) listings to a new smart contract, an automated blockchain programme that runs when pre-defined conditions are met.

As OpenSea introduced its own legitimate smart contract one day prior to the attack, the phishing email may have taken advantage of this change.

OpenSea could not be reached for comment directly as it does not employ a media team and has no direct email contact address to send press enquiries.

Read more

The difference between trading assets and CFDs
The main difference between CFD trading and trading assets, such as commodities and stocks, is that you don’t own the underlying asset when you trade on a CFD.
You can still benefit if the market moves in your favour, or make a loss if it moves against you. However, with traditional trading you enter a contract to exchange the legal ownership of the individual shares or the commodities for money, and you own this until you sell it again.
CFDs are leveraged products, which means that you only need to deposit a percentage of the full value of the CFD trade in order to open a position. But with traditional trading, you buy the assets for the full amount. In the UK, there is no stamp duty on CFD trading, but there is when you buy stocks, for example.
CFDs attract overnight costs to hold the trades (unless you use 1-1 leverage), which makes them more suited to short-term trading opportunities. Stocks and commodities are more normally bought and held for longer. You might also pay a broker commission or fees when buying and selling assets direct and you’d need somewhere to store them safely.
Capital Com is an execution-only service provider. The material provided on this website is for information purposes only and should not be understood as an investment advice. Any opinion that may be provided on this page does not constitute a recommendation by Capital Com or its agents. We do not make any representations or warranty on the accuracy or completeness of the information that is provided on this page. If you rely on the information on this page then you do so entirely on your own risk.

Still looking for a broker you can trust?

Join the 400.000+ traders worldwide that chose to trade with

1. Create & verify your account

2. Make your first deposit

3. You’re all set. Start trading