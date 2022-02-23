Million Dollar NFT Heist Stark Reminder of Risks

By Gerelyn Terzo, Wealth of Geeks

With all the hype around non-fungible tokens (NFTs), it’s easy to forget that this blockchain niche remains largely unregulated. In some circles, NFTs have inherited the Wild West reputation that cryptocurrencies like bitcoin fended off in the early days. NFT critics argue these digital collectibles can be easily copied online as jpegs. However, the charm of NFTs is true ownership rights secured on the blockchain, and users are doling out thousands and even millions of dollars for this status symbol.

Investors were sorely reminded of the developing nature of NFTs last weekend when bad actors absconded with over $1 million worth of these trendy digital collectibles. OpenSea, the most popular platform for buying, selling, and minting NFTs, found itself in the middle of the heist. Meanwhile, OpenSea executives are addressing the incident and attempting to distance themselves from it simultaneously.

While the situation remains fluid, what’s clear is that nearly three-dozen market participants had their NFTs lifted from under their noses.

Based on social media accounts, the bad actors targeted OpenSea users by email, pretending to be from the platform and urging a planned migration of smart contracts. These products are synonymous with blockchains like Ethereum. Worse, OpenSea had a smart contract upgrade in the works, which gave the email recipients reason to believe it was legit. In reality, the criminals were behind what appears to be a phishing attack, at least in part, and what is being probed as a smart contract exploit.

OpenSea CEO and co-founder Devin Finzer addressed the saga in a tweetstorm, saying he didn’t believe the attack was linked to the company’s website. Nevertheless, 32 OpenSea users have seemingly “signed a malicious payload from an attacker, and some of their NFTs were stolen,” Finzer explained.

Rumors suggested that the damage from the stolen NFTs could be as much as $200 million, but Finzer attempted to lessen the blow, saying instead the hacker “has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.” The OpenSea chief also assured that the attack no longer appears active. The hacker even decided to return some of the NFTs for unknown reasons. But that hardly provided any comfort to victims of the breach.