Here’s how the attackers hacked the largest NFT marketplace (again)

Sahana Kiran

The article was updated at press time with OpenSea’s update.

Non-fungible tokens, also known as NFTs, have been in high demand of late. The large number of people entering this market has drawn criminals in as well. OpenSea was hacked yet again, just as the world’s largest NFT marketplace was recovering from an attack in January.

In response to the growing number of hacks and attacks on NFT platforms, OpenSea decided to eliminate inactive NFTs from its platforms. Users were further encouraged to migrate their NFTs from the Ethereum blockchain to a new smart contract during this upgrade.

According to reports, this procedure did not necessitate the payment of a gas fee. If users failed to do so, there was a good chance that their tokens would be marked as inactive. Following OpenSea’s announcement, several people took to Twitter to report an attack on the marketplace.

The ongoing attack sparked a flood of tweets. Several users urged OpenSea to put the migration upgrade on hold. The source of the attack was the subject of an array of theories. Many users, and OpenSea itself, suspected a phishing attack.

Inactive NFTs are the ones in danger

The co-founder and CEO of OpenSea brushed off all rumors and affirmed that 32 users had lost their NFTs, worth about $1.7 million.

Hours and several conjectures later, the CTO of OpenSea, Nadav Hollander, took to Twitter to explain what had occurred. Hollander pointed out that the fraudulent orders created by the attackers carried valid signatures from the aforesaid 32 users. At the time of signing, however, none of these orders were sent to OpenSea.

Further establishing that the fraudulent orders were not executed against the latest contract, Wyvern 2.3, Hollander noted that the signatures were unlikely to be related to OpenSea’s migration flow. It was further noted that the signatures were obtained before the migration.

Therefore, OpenSea pointed out that the attack had most likely taken place outside of the marketplace. Alerting the community and elaborating on this, the CTO added:

“On this point, you’ll notice that all new orders signed on OpenSea (including migrated orders) use the new EIP-712 format — a change of any kind is understandably scary, but this change actually makes signing much safer as you can better see what you’re signing.”
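The difference the CTO describes, sketched as an added example (not code from OpenSea or from this article): a wallet-side preview that can list every field of an EIP-712 typed-data request but has nothing meaningful to show for a bare 32-byte value. The `Example Exchange` domain, the `Order`/`Asset` types and all addresses are constructed for illustration, and treating `eth_sign`/`personal_sign` as the opaque case is an assumption.

```javascript
// Added example. Constructed sample data: "Example Exchange", the Order/Asset
// types and every address are hypothetical, not OpenSea's real schema.
const SIGNER = "0x1111111111111111111111111111111111111111";
const SAMPLE_TYPED = {
  domain: { name: "Example Exchange", chainId: 1,
            verifyingContract: "0x2222222222222222222222222222222222222222" },
  primaryType: "Order",
  types: {
    Order: [{ name: "maker", type: "address" }, { name: "price", type: "uint256" },
            { name: "assets", type: "Asset[]" }],
    Asset: [{ name: "token", type: "address" }, { name: "tokenId", type: "uint256" }],
  },
  message: { maker: SIGNER, price: "1500000000000000000",
             assets: [{ token: "0x3333333333333333333333333333333333333333", tokenId: "42" }] },
};

// Walk the message by its declared types and emit one "path = value" line per leaf.
function flatten(types, typeName, value, path, out) {
  for (const { name, type } of types[typeName] || []) {
    const p = path ? `${path}.${name}` : name;
    const base = type.replace(/\[\d*\]$/, "");            // "Asset[]" -> "Asset"
    const items = type === base ? [[p, value[name]]]
      : (value[name] || []).map((v, i) => [`${p}[${i}]`, v]);
    for (const [ip, v] of items) {
      if (v === undefined) out.push(`${ip} = <missing>`);
      else if (types[base]) flatten(types, base, v, ip, out);
      else out.push(`${ip} = ${v}`);
    }
  }
  return out;
}

// Build what a wallet could show the user before they approve a signature.
function describeSigningRequest(method, params) {
  if (method === "eth_signTypedData_v4") {                // params: [address, typedData]
    const td = typeof params[1] === "string" ? JSON.parse(params[1]) : params[1];
    const d = td.domain;
    return { readable: true, lines: [
      `domain: ${d.name} (chain ${d.chainId}, contract ${d.verifyingContract})`,
      `type: ${td.primaryType}`,
      ...flatten(td.types, td.primaryType, td.message, "", []) ] };
  }
  if (method === "eth_sign" || method === "personal_sign") {
    // eth_sign params: [address, data]; personal_sign params: [data, address]
    const data = method === "eth_sign" ? params[1] : params[0];
    if (/^0x[0-9a-fA-F]{64}$/.test(data))                 // bare 32-byte value
      return { readable: false, lines: [`opaque 32-byte value: ${data}`] };
    return { readable: true, lines: [Buffer.from(data.slice(2), "hex").toString("utf8")] };
  }
  throw new Error(`unsupported signing method: ${method}`);
}
```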

Additionally, the marketplace was working with the affected users to thoroughly investigate the issue. While many came out in support of the NFT marketplace, a few others began commenting that this could be the end of OpenSea. At press time, OpenSea released another statement on Twitter. The organization stated,

OpenSea also confirmed that the number of impacted individuals was down to 17, from the 32 initially believed. Additionally, the attack was no longer active, as no malicious activity had been detected in the past 15 hours.