Opensea CEO Dismisses $200 Million Hack Rumor, Claims Incident Was a Phishing Attack
Opensea co-founder and CEO, Devin Finzer, has denied rumors that the non-fungible token (NFT) marketplaceās codebase was breached and that attackers had stolen $200 million. According to Finzer, an investigation had shown that the attacker had $1.7 million worth of ethereum in his wallet by leveraging a phishing scheme.
Attacker Reportedly Returns Some Stolen NFTs
Devin Finzer, the co-founder and CEO of Opensea has denied reports that the NFT marketplace has been breached. Instead, Finzer has characterized the alleged hacking incident as a āphishing attack,ā which he insists is not connected to Openseaās website. He did, however, admit that some of the more than 30 users that āsigned a malicious payload from an attackerā had their NFTs stolen.
While Finzer did not give the estimated value of the stolen NFTs, a Twitter user named Mr. Whale suggested in a tweet, posted a few hours after the breach, that āover $200M [was] lost already.ā Another user named Jacob King rejected Finzer and Openseaās phishing attack claim. The user claims that a āflaw in their code led to one of the largest NFTs exploits in history.ā
#OpenSea is now lying and claiming the exploit was actually just phishing emails people were receiving.
This is 100% not true, but rather a flaw in their code which led to one of the largest #NFT exploits in history. pic.twitter.com/qGRq0MaFT1
ā Jacob King (@JacobOracle) February 20, 2022
However, in a Twitter thread posted on February 20, Finzer rebuts these claims. He said an investigation had, in fact, shown that the attackers had returned some of the NFTs. He explained:
The attack doesnāt appear to be active at this point ā we havenāt seen any malicious activity from the attackerās account in 2 hours. Some of the NFTs have been returned.
Finzer also claimed that the Opensea team was not aware of any recent phishing emails that have been sent to users. The CEO said at the time when he posted the thread, the team was yet to determine the website that had been ātricking users into maliciously signing messages.ā
Attackersā Wallet Has $1.7 Million Worth of ETH
Also to back the findings of Openseaās investigation, the CEO pointed to a more technical context of what transpired which was shared by another Twitter user Neso.
Finzer ends his thread by dismissing rumors that suggested that this was a $200 million hack. According to him, the Opensea team had determined that āthe attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.ā
We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of https://t.co/3qvMZjxmDB.
ā OpenSea (@opensea) February 20, 2022
Meanwhile, in another thread, Finzer said after his team got in touch with ādozensā of people and teams across the NFT space, and he is confident this was a phishing attack. He added that Opensea was now actively āworking with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures.ā
What are your thoughts on this story? Tell us what you think in the comments section below.