Major nonfungible token (NFT) marketplace OpenSea announced a service upgrade on Saturday, which requested that users migrate their listed assets from the Ethereum (ETH) blockchain to a newly created smart contract.
However, in the hours that followed, 32 users of the platform became victims of a targeted email phishing attack which resulted in an anonymous entity stealing $1.7 million worth of ETH.
OpenSea CEO, Devin Finzer published a tweet thread explaining that the breach was orchestrated via fake email scams which assured users of their OpenSea identity, convinced them to sign a digital message with their wallet, and therefore unknowingly granted a transferable license to the asset from the hacker.
CTO Nadav Hollander also published a tweet account stating that “none of the malicious orders were executed against the new (Wyvern 2.3) contract, indicating that they were signed before the migration and are unlikely to be related to OpenSea’s migration flow.”
Following on from this, Hollander called for greater security education in the Web3 space, specifically around the signing of off-chain messages.
Here’s a technical deep dive on recent events, from our CTO: https://t.co/2x2CBBCNtY
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
Three of the lost NFTs belonged to the popular NFT collection Azuki. The project, which had 10,000 avatars, is centered around cultivating an inclusive metaverse community made up of Web3 artists and advocates.
The projects acquired inspiration from the Azuki bean — also named an Adzuki bean — an Eastern Asian culinary staple, as well as a message of good omen in Japanese culture. References to taking the red bean and the upcoming BEAN token establish this intention. Azuki currently has a floor price of 11.79 ETH, equivalent to $32,155.
Related Mintable app to support minting NFTs on the layer two Immutable X protocol
In a philanthropic turn-of-events, NFT marketplace Mintable purchased three of the Azuki’s on rapidly emerging OpenSea competitor, LooksRare for 0.2…