OpenSea phishing scam swindled millions in NFTs

pcgamer.com:

It’s hard to tell if stolen is really the right word, but over the weekend a phishing attack has seen at least 32 users lose NFTs they paid for on the popular trading site, OpenSea. 

According to The Verge, most of the attacks took place just last Saturday between 5PM and 8PM ET. The result appears to be about 254 tokens removed from the wallets of those who purchased them on OpenSea. The total value of stolen tokens is said to be over $1.7 million, based on the Ethereum the phishers have gained by selling off the liberated NFTs.

How to buy a graphics card: tips on buying a graphics card in the barren silicon landscape that is 2021

Initially there was panic among the OpenSea community about how the attack took place, but the site's CEO Devin Finzer has confirmed it’s likely separate from the platform. Instead, it appears to be a bit more like your traditional email phishing scheme but for the NFT space. 

All NFTs transfers had technically been signed off using the seller's unique signatures, but they were likely tripped into filling it out on something inconspicuous, not knowing what it would be used for. It’s a lot like email phishing schemes with fake links to plausible looking websites that steal your passwords. 

As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.February 20, 2022

Finzer states that the account responsible has stopped engaging in any malicious activity and has even given some of the NFTs back. But these have always been a bit of a weird and risky game to get into. One of the most famous NFT swindles saw the Evolved Ape NFT creator run