
The Implications Of Opensea Phishing Scam

08 April 10:28


Opensea is an essential tool for a digital artist and NFT enthusiast.

Opensea was founded in 2017 by Devin Finzer and Alex Atallah.

Opensea provides a decentralized platform where NFT creators, buyers, investors, and enthusiasts can view and purchase minted digital art.

Recently, the Opensea marketplace was attacked.

The attack led to the loss of over 250 NFTs estimated to be worth over $1.7 million.

It was a phishing attack that used malicious email to trick unsuspecting users into signing a dubious contract.

Opensea is one of the largest marketplaces for Non-fungible tokens (NFT).

As a digital art creator, you can list your collections on Opensea and meet interested buyers who will place their bids for your minted item.

Recently, the Opensea marketplace witnessed an attack that led to the loss of over 250 NFTs estimated to be worth around $1.7 million.

Investigation showed that the attack was carried out by phishing.

Before examining how the attack occurred and its impact, let's look at Opensea as a digital marketplace and the mystery behind the phishing attack.


Opensea As A Digital Art Marketplace



Opensea was founded in December 2017 to allow buyers and sellers of NFTs to meet and make transactions.

Devin Finzer and Alex Atallah founded the world's first and largest NFT marketplace, headquartered in New York.

Opensea is a decentralized marketplace open to all digital artists and enthusiasts.
Currently, this digital marketplace holds an estimated 80 million NFTs across two million collections, worth $70.78 million in Ethereum.

The entry requirement for setting up an Opensea creator account is low, and it is easy to create your NFT and set up your Opensea account.

For every NFT sale, Opensea takes a meager 2.5% as the platform's upkeep fee. The predominant token for buying and selling NFTs on Opensea is Ethereum (ETH).

Opensea, as a digital marketplace, has continued to enjoy patronage from artists across several locations.

In August 2021, Opensea recorded over $3.5 billion in NFT trading volume, an exponential rise from just $21 million in volume in 2020.

Having highlighted the importance of Opensea to a digital artist, let's go straight to the phishing attack and how it occurred.


What Is A Phishing Attack?



Phishing is a popular form of digital robbery in which an unsuspecting user is tricked into clicking a malicious link or visiting a website.

Once you click the link or open the website, malware attacks your device and makes it vulnerable.

Phishing can also be a social engineering attack in which your data and sensitive information, such as login credentials and credit card numbers, become available to the hacker.

There are various ways in which phishing attacks can occur. An attacker can masquerade as a trusted entity or create an identity very similar to the trusted one.

It will be tough to detect that the entity is fake, and you will unknowingly click on a link or open an email or text message that contains malware.

The phishing attack that led to the loss of over 250 NFTs on Opensea was carried out over the weekend. The holders of the NFTs were unsuspecting and fell for the trick.

They received an email instructing them to migrate their digital art to another wallet. Every digital artist who opened the email was attacked.

Once the users opened the email, the hackers gained access to their valid signatures and could connect those users' crypto wallets to a fraudulent site.

Another investigation revealed that the hacker tricked the holders of the stolen NFTs into signing a fraudulent contract. By signing it, they agreed to sell their digital art to the attacker's wallet for 0 ETH.
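
The 0 ETH sale described above is the kind of request a wallet or browser extension can flag before the user signs. The following is an added example, not code from Opensea or from this article; the request fields (origin, maker, taker, priceWei, assets), the trusted origin list and the zero-address convention are assumptions made for illustration.

```javascript
// Added example: wallet-side review of a sell order before the user signs it.
// The request shape (origin, order.maker, order.taker, order.priceWei,
// order.assets) is hypothetical, not OpenSea's real order format.
const TRUSTED_ORIGINS = new Set(["https://opensea.io"]); // assumption
const ZERO_ADDRESS = "0x" + "0".repeat(40); // "open to any buyer" marker (assumption)

function sameAddress(a, b) {
  return typeof a === "string" && typeof b === "string" &&
    a.toLowerCase() === b.toLowerCase();
}

function reviewSellOrder(request, userAddress) {
  const findings = [];
  const order = request.order || {};
  const assets = Array.isArray(order.assets) ? order.assets : [];

  // Exact origin match: a lookalike host that merely contains the brand fails.
  let origin = null;
  try { origin = new URL(request.origin).origin; } catch { /* unparseable */ }
  if (!TRUSTED_ORIGINS.has(origin)) findings.push("untrusted-origin");

  if (!sameAddress(order.maker, userAddress)) findings.push("maker-mismatch");

  // Price must be a decimal wei string; BigInt avoids float rounding.
  if (!/^\d+$/.test(String(order.priceWei))) findings.push("unparseable-price");
  else if (BigInt(order.priceWei) === 0n && assets.length > 0) findings.push("zero-price-sale");

  // A sale locked to one buyer, or covering many tokens at once, needs a second look.
  if (!sameAddress(order.taker, ZERO_ADDRESS)) findings.push("fixed-taker");
  if (assets.length > 1) findings.push("bulk-sale");

  return { allow: findings.length === 0, findings };
}

// Constructed sample requests (addresses and token ids are made up).
const USER = "0x" + "a".repeat(40);
const listing = { origin: "https://opensea.io/account", order: {
  maker: USER, taker: ZERO_ADDRESS, priceWei: "1500000000000000000",
  assets: [{ contract: "0x" + "c".repeat(40), tokenId: "17" }] } };
const migration = { origin: "https://opensea.io.migrate.example/confirm", order: {
  maker: USER, taker: "0x" + "b".repeat(40), priceWei: "0",
  assets: ["17", "18", "19"].map((tokenId) => ({ contract: "0x" + "c".repeat(40), tokenId })) } };

console.log(reviewSellOrder(listing, USER));
console.log(reviewSellOrder(migration, USER));
```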

Some experts opined that the attack succeeded because Opensea uses email to communicate with its users, so it was difficult for the users to know that the email they received came from an illegitimate source.

To forestall a future phishing attack, Opensea launched its customer service server, powered by the Web3 communications platform Metalink.

This newly launched communication channel will enable you to chat directly with customer support and prevent fraudsters from pretending to be staff.

The customer service communication server will enable you to get support, give suggestions, receive timely responses and updates directly from the Opensea management.

Having identified how the phishing attack could be carried out, we shall proceed to the implications and the effect of such attacks on investors and enthusiasts of digital assets.


Implications Of Opensea Phishing Attack



The attack on some Opensea users' wallets, which led to the theft of over 250 NFTs, is quite shocking.

Firstly, many users thought the digital marketplace was safe and free from external attacks.

Several investors felt they could keep a substantial amount of their assets in a safe haven by purchasing NFTs and keeping them in their blockchain wallets.

However, this attack has left the investors in doubt. Many of them are now looking for a safer alternative that will not compromise the confidentiality of their holdings.

Another implication of the attack is that even though email messaging is still an effective communication medium, it is vulnerable to attack.

Most organizations use email for official communications. When people receive emails carrying official addresses, they pay little attention to the content and go ahead and do what the email instructs them to do. With that attack, email marketers will suffer a considerable setback.

Individuals who fell victim to the phishing attack will not trust email communications, even if they are from genuine senders. Some are likely to stop using their email addresses and look for alternative communication channels.


Conclusion



As app developers deploy all means to ensure their apps are free from all forms of attack, hackers are also exploring all means to attack the apps.

Therefore, it is essential to keep strengthening the security architecture of these apps and to make upgrades available frequently, especially for apps such as Opensea and the like that hold substantial assets.

Even though the phishing attack has occurred and the stolen NFTs have been traced to a private wallet, there is a need to ensure that users' confidence is restored and that such attacks do not recur.



Author: Valentine A., Gate.io Researcher
This article represents only the researcher's views and does not constitute any investment suggestions.
Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all cases, legal action will be taken due to copyright infringement.