Scammer steals $1.7 million worth of NFTs from OpenSea users

TL;DR Breakdown 

  • Several OpenSea users fell victim to a phishing attack. 
  • The alleged attacker stole over $1.7 million worth of NFTs. 
  • The attacker used the platforms new contract migration email to trick users. 
  • 17 users fell victim to the attack.

Several users of the world’s largest NFT marketplace OpenSea have experienced a phishing attack. Last week, OpenSea announced a new contract upgrade to ensure that old and inactive NFT listings on the Ethereum blockchain expire safely. The contract upgrade was set to take place between February 18 and 25. 

An alleged scammer saw this as an opportunity to steal NFTs from active users. The scammer sent phishing emails to users. The email was identical to OpenSea’s contract migration email, except it contained links to fake sites. Users unknowingly shared their login details on these fake sites, allowing the user to gain access to their NFTs.