OpenSea phishing scam swindled millions in NFTs
Signed sealed and delivered.
It’s hard to tell if stolen is really the right word, but over the weekend a phishing attack has seen at least 32 users lose NFTs they paid for on the popular trading site, OpenSea.
According to The Verge, most of the attacks took place just last Saturday between 5PM and 8PM ET. The result appears to be about 254 tokens removed from the wallets of those who purchased them on OpenSea. The total value of stolen tokens is said to be over $1.7 million, based on the Ethereum the phishers have gained by selling off the liberated NFTs.
How to buy a graphics card: tips on buying a graphics card in the barren silicon landscape that is 2021
Initially there was panic among the OpenSea community about how the attack took place, but the site's CEO Devin Finzer has confirmed it’s likely separate from the platform. Instead, it appears to be a bit more like your traditional email phishing scheme but for the NFT space.
All NFTs transfers had technically been signed off using the seller's unique signatures, but they were likely tripped into filling it out on something inconspicuous, not knowing what it would be used for. It’s a lot like email phishing schemes with fake links to plausible looking websites that steal your passwords.
As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.February 20, 2022
Finzer states that the account responsible has stopped engaging in any malicious activity and has even given some of the NFTs back. But these have always been a bit of a weird and risky game to get into. One of the most famous NFT swindles saw the Evolved Ape NFT creator run off with $2.7 million in his pocket without delivering on future promises, namely the fighting game that was always meant to accompany the ape avatars.
NFTs also commonly involve stolen art, with people often trading images they’ve just copied off the internet and don’t own any intellectual rights to. The NFT marketplace Cent had to stop transactions due to the rampant counterfeit digital assets, and OpenSea is no stranger to these issues either. The website offers a free tool for users to mint NFTs and had to limit it after finding that over 80% were plagiarism or scams. Many artists have had their works uploaded against their wishes by random users trying to make a quick buck.
However, we've recently seen misuse of this feature increase exponentially. Over 80% of the items created with this tool were plagiarized works, fake collections, and spam.January 27, 2022
If it's possible to arbitrarily own a jpeg on the internet that’s only purpose is to promote artificial scarcity and sell for profit then I suppose it’s also possible to have it stolen. It’s just hard to tell which of these concepts should actually be considered a crime.
The biggest gaming news, reviews and hardware deals
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
Hope’s been writing about games for about a decade, starting out way back when on the Australian Nintendo fan site Vooks.net. Since then, she’s talked far too much about games and tech for publications such as Techlife, Byteside, IGN, and GameSpot. Of course there’s also here at PC Gamer, where she gets to indulge her inner hardware nerd with news and reviews. You can usually find Hope fawning over some art, tech, or likely a wonderful combination of them both and where relevant she’ll share them with you here. When she’s not writing about the amazing creations of others, she’s working on what she hopes will one day be her own. You can find her fictional chill out ambient far future sci-fi radio show/album/listening experience podcast right here. No, she’s not kidding.
Steam is 'an unsafe place for teens and young adults': US senator warns Gabe Newell of 'more intense scrutiny' from the government if Valve doesn't take action against extremist content
Hackers can wirelessly spy on your display by collecting HDMI signal leaks and churning them through an AI, but I wouldn't break out the tin foil just yet