Three non-fungible tokens (NFTs) stolen from users of NFT marketplace OpenSea are to be returned to their owners, after rival platform Mintable tracked them down.
According to a press release from Mintable, its team was acquiring Azuki NFTs on NFT marketplace LooksRare for its February Floor Buster flash sale when it found and purchased Azukis #1178, #4176 and #1180. In an announcement, Mintable said that it “would like to return them to their previous holders.”
“If OpenSea isn’t going to make it right, someone has to,” said Mintable founder and CEO, Zach Burks. “For some of these people, all their net worth is tied up in their NFTs and it’s horrible to have them stolen.”
In its announcement, Mintable identified the NFTs as being part of a $1.75 million haul of NFTs stolen from OpenSea users on February 19.
Although it was initially reported to be an exploit, OpenSea CEO Devin Finzer subsequently tweeted that the users had fallen victim to a phishing attack that “did not originate” on OpenSea itself. Finzer added that the users had inadvertently “signed a malicious payload from an attacker, and some of their NFTs were stolen.”
As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.
This hasn’t been the first major loss of digital assets suffered by OpenSea users this year. In January, an OpenSea exploit enabled opportunistic NFT collectors to purchase rare NFTs for well below their floor price.
On that occasion, the exploit affected “inactive listings” that hadn’t been properly canceled, either because users didn’t want to pay the gas fees—or in most cases, because they weren’t aware that the old listings had remained active.
In total, OpenSea users lost about $1.8 million in NFTs to the exploit, which the NFT marketplace subsequently refunded to them in Ether.
Last week, a man named Timothy McKimmy—who lost his treasured Bored Ape Yacht Club NFT in the January exploit—filed a $1 million lawsuit against OpenSea. McKimmy alleges that the NFT marketplace knew about the bug, but failed to shut down and rectify it, in order to carry on collecting a 2.5% cut of every transaction uninterrupted.