Yesterday, OpenSea issued a one-week deadline for a new smart contract update. Hackers, on the other hand, had a little window of opportunity due to the urgency and tight deadline.Within hours after announcing a week-long planned update to delist inactive nonfungible tokens on the platform, major nonfungible token (NFT) marketplace OpenSea has apparently fallen prey to an ongoing phishing attempt.
Upgrading Contracts
OpenSea released a smart contract upgrade only yesterday, requiring users to convert their listed NFTs from the Ethereum (ETH) blockchain to a new smart contract. Users that do not transfer from Ethereum risk losing their old, dormant listings, which presently do not need gas payments for migration.However, because of the urgency and short deadline, hackers had a brief window of opportunity Several sources began reporting on an ongoing attack on the soon-to-be-delisted NFTs within hours of OpenSea’s upgrade announcement. According to subsequent inquiry, the NFTs were obtained through phishing emails before being moved to OpenSea’s new smart contract. After a user agrees to the migration via a phony email, the attackers get access to the NFTs. Users should be wary of all mailings from OpenSea and remove all privileges linked to the upcoming smart contract migration.
The phishing attack cost 32 people their NFTs, according to Devin Finzer, co-founder and CEO of OpenSea. While the NFT marketplace has yet to understand the ongoing phishing attempt, blockchain investigator Peckshield believes the phishing attack is being fueled by a possible loss of user data.
In conjunction with a suspected tax evasion plan, Her Majesty’s Revenue and Customs (HMRC), the UK’s main tax authority, seized three NFTs. The accused created 250 fictional “shell” companies and used false names to avoid paying 1.4 million British pounds ($1.8 million) in value-added taxes.
