Market leader in NFTs, OpenSea is looking into “rumors of an exploit” utilizing smart contracts on its platform after traders who lost precious tokens began to panic on Twitter.
It appears that a harmful contract is buried under a disguised URL, according to a blockchain security startup that audits smart contracts, PeckShield. The link could have come from an email addressed to everyone in the company informing them of the upcoming move.
We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of https://t.co/3qvMZjxmDB.
— OpenSea (@opensea) February 20, 2022
A total of $1.7 million in Ethereum, two Cool Cats, one Azuki, and three Bored Ape Yacht Club tokens were also found on the attacker’s address. According to a tweet from OpenSea on Saturday night, a smart contract exploits involving OpenSea is being investigated.
We have confidence that this was a phishing attack. We don’t know where the phishing occurred, but we’ve been able to rule out a number of things based on our conversations with the 32 affected users. Specifically:
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
The CEO of OpenSea asked affected customers to contact him directly on Twitter. Three NFTs were confiscated by the UK tax authority last week as part of an investigation into a 1.4 million-pound (almost $1.9 million) fraud case, according to the BBC on Monday.
How to keep your NFTs safe
- NFTs can only be stored in a crypto wallet at this point. Both hot and cold wallets are available, and both are used to store cryptocurrency.
- Most NFT marketplaces require the use of a software wallet in order to sign up for an account. Even when your private keys are linked to the internet, dApps and NFT markets expose your private keys to some level of danger in order to allow transactions. Paying by debit or credit card is still a risky option.
- Instead of storing your private keys on the internet, hardware wallets ensure the highest level of security. NFTs can’t be bought or sold directly on markets because of this.
***