Source: Adobe Images/Tada
Major NFT marketplace OpenSea, which said it suffered a phishing attack over the weekend, reduced the list of people affected from the original assumption to 32 from 17. However, the platform said it had not yet determined the exact source. of the problem.
“Our initial count included everyone who *interacted* with the attacker, rather than those who fell victim to the phishing attack,” the company said Monday morning (UTC time). They also noted that "the attack does not appear to be active at this time" and "there has been no activity on the malicious contract for more than 15 hours."
On Saturday, a large number of panicked NFT traders began reporting the loss of their digital assets, including NFTs from popular collections such as Cool Cats and Doodle.
At the time, OpenSea said that it "appears to be a phishing attack" that originated outside of its website.
OpenSea CEO Devin Finzer added that the victims may have "signed a malicious payload from an attacker." The platform also claimed that "the attack does not appear to be email-based."
However, not everyone was convinced that it was a phishing attack.
Nadav Hollander, OpenSea's chief technology officer, also argued that the affected users should have approved a malicious contract. "All malicious commands contain valid signatures from affected users, indicating that they signed a command somewhere, at some time," he said.
On Friday, OpenSea released a smart contract update that requires all users to move their Ethereum (ETH) listings to the new smart contract.
While some have argued that the issue may be related to the migration, Hollander said the malicious commands "were signed prior to the migration and are unlikely to be related to the OpenSea migration flow."
Either way, according to Ryan Selkis, founder and CEO of crypto analytics firm Messari, OpenSea users learned a valuable lesson about self-custody and digital signatures.
“Which will be useful if they need to protect digital assets and leave a hostile country,” Selkis said, adding that for those who use crypto, autonomy is integral to the products they use, and they are “rewarded for risk with a greater advantage." ”
Meanwhile, as noted, in late January 2022, OpenSea encountered an issue related to the user interface (UI) design, which allowed some of its users to purchase NFTs at much lower prices.