There is an ongoing attack targeting OpenSea users, resulting in the theft of millions in Ethereum and NFTs from users’ wallets. While the method of attack on OpenSea is not yet clear, the safest course of action is to revoke your wallet access to OpenSea for now.
On Saturday night, a series of transactions were executed for 0 ETH each, which resulted in high value NFTs being exchanged from users’ wallets into the wallets of a hacker. Many of these NFTs are currently frozen, but the hacker was able to offload roughly $3M in ETH (>1,000 ETH) before the assets were locked. According to OpenSea, “this appears to be a phishing attack originating outside of OpenSea's website.”
Twitter user @isotile explains what appears to have happened by analyzing the etherscan record in a tweet thread. According to @isotile, the hacker used a phishing email claiming to be OpenSea and needing users to upgrade to a new contract. Once a user has followed the link provided and signed the transaction, they’ve fallen victim to the exploit. Instead of upgrading to a new OpenSea contract, users are actually signing a private sale with the hacker for 0 ETH through an exchange called Wyvern.
The hacker waited until today, and synchronously purchased these NFTs before their private sale listings on Wyvern expired. According to @isotile, the telltale sign that this was not a hacking event, but rather a phishing scam, was that each of the transactions had a user’s wallet signature. This was consistent across all of the scam transactions on Etherescan. Another Twitter user @Nesotual points out that Wyvern contracts are much more flexible than those of OpenSea, and thus do not have as much validation for user protection.
While OpenSea continues to investigate, it has put up an orange banner on the home site warning users, “We're continuing to investigate rumors of a phishing attack originating outside of OpenSea. Do not click links outside of opensea.io.“ OpenSea has been in the news frequently as of late as competitors come out of the woodwork, features are leaked, and as it receives public backlash over the company’s direction.