OpenSea users lose $1.7 million worth of NFTs to hackers

OpenSea confirmed that it was hit by a phishing attack with at least 32 users losing NFTs worth $1.7 million.

The attacker now has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.

The hack happened as OpenSea, the world's largest NFT marketplace, announced an upgrade that required users to migrate their listed NFTs from ETH blockchain to a new smart contract.

Within hours after OpenSea's upgrade announcement, an ongoing attack that targets the soon-to-be-delisted NFTs was reported.

OpenSea Co-Founder and CEO, Devin Finzer acknowledged the phishing attack, adding that rumors that this was a $200 million hack are false.

Finzer said they don’t believe the attack was connected to the OpenSea website as it appears 32 users who have signed a malicious payload from an attacker had some of their NFTs were stolen.

The OpenSea CEO urged affected users to message him directly on Twitter.

OpenSea said it is investigating rumors of an exploit associated with its related smart contracts although it appears that the phishing attack originated outside of their website.

Blockchain investigator Peckshield suspects a possible leak of user information, including email ids, fueled the phishing attack.