On Saturday, on the renowned NFT marketplace, OpenSea, someone anonymous got ahold of hundreds of users’ NFTs. They are currently investigating what is supposed to be a “phishing attack”. Around 32 accounts and 254 tokens have been targeted whereas some users don’t have access to their NFTs as well.

The co-founder and CEO of OpenSea announced on Twitter by saying, and we quote, “As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.” He continued to state, “We have confidence that this was a phishing attack. We don’t know where the phishing occurred, but we’ve been able to rule out a number of things based on our conversations with the 32 affected users.”

So, what happened?

Many NFT and Web 3.0 platforms use Wyvern Protocol, an open-source standard, in order to support their contracts. What went down is that the users that were influenced by the phishing attack apparently signed partial agreements which enabled the attacker to transfer these NFTs. Finzer stated that this is not a codebase breach and the attackers did not steal $200 million. According to investigations, the attacker has “$1.7 million of ETH in his wallet from selling some of the stolen NFTs.” This is a phishing scheme and is not connected to the website.

Now, several theories and statements are being exchanged. Some users mentioned that indeed $200 million were stolen while others mentioned that a “flaw in their code led to one of the largest NFTs exploits in history.” Finzer is refuting all these claims and stating that some of the stolen assets have been returned. He says, and we quote, “The attack doesn’t appear to be active at this point — we haven’t seen any malicious activity from the attacker’s account. Some of the NFTs have been returned.”

This could’ve been avoided!

Now, all of this could’ve been avoided by simple and clear steps. If this was a codebase breach caused by OpenSea themselves, then it is a platform issue. However, there are several guidelines that users can follow to avoid having their digital assets hacked and stolen. Stay tuned as we provide with straight to the point guidelines that will allow you to secure your NFTs.