Learn the lesson from OpenSea phishing attack


As the NFT trading frenzy continues and some projects record sky-high prices, fraud and scam cases have also increased. Over US$1.7 million in NFTs was swindled in the recent phishing attack on NFT marketplace OpenSea. The incident involved 254 stolen NFTs, including some from the invaluable Bored Ape Yacht Club and Azuki collections. It raised public concern about cyber attacks on blockchain. Is your NFT safe?


How did the OpenSea users lose their NFTs? 

After investigation, it is believed that hackers sent phishing emails to users during OpenSea's smart contract system update. The phishing email mimicked the platform's real smart contract upgrade email and invited users to log in to the website and migrate their existing NFT listings to a new smart contract, warning that otherwise all existing auctions would be removed after February 25.


Hackers also set up another smart contract on the phishing website. Many users mistook the message for an official email and visited the phishing website. They then signed an authorization that allowed the hackers to transfer NFTs from their wallets.


OpenSea CEO Devin Finzer tweeted that the new contract has no issue, and the attacks had not originated from OpenSea’s website. It is believed to be a phishing attack. 



This is the realistic-looking phishing email from the incident.



How to protect your NFT and other digital assets? 

With the rising value of many NFT collections, hackers have their eyes on users' wallets. In addition to NFTs, hackers will also transfer other assets in the victim's wallet, such as Ether (ETH) and Bitcoin (BTC).

To avoid having your assets stolen, follow these tips:

  • Use multiple independent wallet addresses to handle transactions of different NFT projects to reduce the risk of simultaneous theft.
  • Discord is becoming popular as a crypto social media platform. Beware of unofficial announcement links in groups, and of private messages from admins.
  • Check whether the email comes from the official sender address. For instance, MetaMask, the most commonly used hot wallet, does not have users' email addresses, so be alert when you receive an email from MetaMask.
  • Trusted platforms will not ask you to submit your wallet's "seed phrase".
  • Use a cold wallet to hold your assets. Remember to purchase your wallet from official channels.



