OpenSea phishing attack: All you need to know

What is the News?

Social media posts have alleged that non-fungible token (NFT) marketplace OpenSea was hacked, compromising assets worth $200 million.

What is OpenSea?

OpenSea is a non-fungible token marketplace headquartered in New York City. 

What exactly happened with OpenSea?

There was a phishing attack that was targeted at users of OpenSea and not the marketplace, The targeted users were sent a phishing email in the name of OpenSea with a malicious payload (malware). 

Note: Phishing is a method in which users are contacted by email, telephone or text message by posing as a legitimate institution to lure into providing sensitive data such as personal information, banking and credit card details.

What are the identity issues with NFT?

The premise of NFT is to establish proof  of  ownership  of  a  digital  asset that  can be anything from property to artwork or music stored on a blockchain platform. 

When a digital asset is tokenized as NFT, a unique code is generated and stored on the blockchain network. This can be used to identify the creator as well as the future and past owners. 

However, in case of a scam or a data breach, identifying the attacker can be difficult as crypto wallets are built on the principle of anonymity and do not seek to know your customer details.

Is phishing the only way for NFTs to be stolen?

There are many other ways. For instance, attackers can target NFT communities on Discord or Telegram.

Also, attackers can pretend to be buyers or sellers and gain access to the target’s wallet during the transfer of ownership.

Source: This post is based on the article “OpenSea phishing attack: All you need to know” published in Livemint on 22nd February 2022.