CyberNews Briefs

OpenSea Phisher Stole $2m Worth of NFTs

A threat actor has allegedly stolen over $2 million from customers of the OpenSea non-fungible token (NFT) trading platform after launching a phishing attack against the marketplace. Researcher at Check Point stated that the attack occurred earlier this week, when OpenSea published an article about an upcoming contract upgrade, inspiring the attackers to design a phishing attack leveraging the news. Users were reportedly required to migrate their listings on Ethereum to a new smart contract. The email contained instructions on how to follow the new order.

Threat actors saw an opportunity in the shift and stepped in, creating a similar email containing a malicious link that sent targets to a convincing phishing page. The page then asked the user to sign a transaction. After signing the transaction, an atomicMatch request was sent to the target. From there, atomicMatch would be forwarded to the OpenSea contract. Due to the fact that atomicMatch is responsible for all of the trading on OpenSea with minimal trust, the transaction will only take place if certain parameters are met. Therefore, it was possible for the attackers to steal a victim’s entire NFT library on the site via one fraudulent transaction.

Read More: OpenSea Phisher Stole $2m Worth of NFTs

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.