The New York-based firm said it believed that this phishing attack originated outside OpenSea website.
Some users on non-fungible token (NFT) marketplace OpenSea were targeted with a phishing attack that resulted in the users losing NFTs worth about $1.7 million, according to the company.
OpenSea co-founder and CEO Devin Finzer had initially noted that some of the NFTs of 32 users were stolen by an attacker. However, the company later confirmed that it narrowed down the list of impacted individuals to 17.
“Rumours that this was a $200 million hack are false. The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs,” Finzer said in a tweet.
The New York-based firm said it believed that this phishing attack originated outside OpenSea website and it “does not appear to be active” with “no activity on the malicious contract” in over 15 hours.
“All of the malicious orders contain valid signatures from the affected users, indicating that they did sign an order somewhere, at some point in time. However, none of these orders were broadcast to OpenSea at the time of signing,” OpenSea CTO Nadav Hollander, tweeted.
The phishing attack affected the users when the NFT marketplace was in the process of upgrading to the new Wyvern smart contract system, which according to the firm, would help address the inactive listings issue on Ethereum. OpenSea, however, clarified that the migration tool is safe to use.
“None of the malicious orders were executed against the new (Wyvern 2.3) contract, indicating that they were signed before the migration and are unlikely to be related to OpenSea’s migration flow,” Hollander explained.