→OpenSea NFT marketplace faces rumors of a hack.
→The company denied the rumor and instead said it was a phishing attack.
→The attacker has stolen $1.7 million ETH by phishing.
Leading NFT marketplace — OpenSea is being alleged that its platform has been hacked. However, in a series of tweets, OpenSea vehemently denied the rumors.
Instead, the company’s CEO Devin Finzer said that it was a phishing attack.
In a Twitter (NYSE:TWTR) post, OpenSea reassures its users that it was investigating the specific details of the phishing attack.
They say that the attack does not appear to be email-based, rather, it is an isolated incident impacting a small number of people.
''We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of https://t.co/3qvMZjxmDB.''
— OpenSea (@opensea) February 20, 2022
The company claims that its attention was drawn to rumors that its codebase was breached and attackers stole over $200 million.
Finzer said after an investigation, they discovered that the attacker holds $1.7 million Ethereum in his wallet by phishing.
However, Finzer did not disclose the value of stolen NFTs, but a Twitter user revealed that over $200 million was lost already, to which Finzer replied it was a false claim.
A Twitter netizen argued that OpenSea is lying. The user added that a “flaw in their code led to one of the largest NFT exploits in history’’.
Finzer also reported that around 32 users have signed a malicious payload from an attacker, and some of their NFTs are reported to have been stolen.
However, the company was not aware of any phishing emails and commented that a fraudulent website might have intruded.
Finzer also said the attack does not appear to be active and the company could not see any malicious activities from the attacker’s account for a few hours.
He also asked the users to be aware of misleading websites and ensure the website reads opensea.io on the web browser.
Moreover, a blockchain security company PeckShield that audits smart contracts also reported the alleged exploit was ‘’most likely phishing’’.