OpenSea Specifies The Number Of Affected Users But Still Finding The Cause Of Hack
https://ift.tt/1okAcO7
OpenSea, a New York-based NFT marketplace that claimed it got hacked over the weekend, publicizes the new number of individuals affected in a so-called “phishing attack.” The company’s tweet specifies 17 individuals fallen to the victim instead of its prior estimate of 32. But the company still has not identified the primary source cause to hack.
The company’s statements also clarified;
Our original count included anyone who had *interacted* with the attacker, rather than those who were victims of the phishing attack.” Also, the “attack does not appear to be active at this time” and “there has been no activity on the malicious contract in >15 hours.
Related Reading | OpenSea Confirms Phishing Attack Affecting Multiple Users, Here Are The Facts
Victim NFT traders started to inform their losses to the company on Saturday. Stolen funds include famous NFTs collections such as Doodle and Cool Cats.
In response to the community, the firm stated in a tweeted;
We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of http://opensea.io.
The CEO of OpenSea, Devin Finzer, said that the company does not believe hackers accessed users’ accounts breaching their website security. Instead, he says users might be invited to an outbound link loaded with malicious entities, and those who clicked the link lost their funds.
The firm also claimed that the “attack does not appear to be email-based.”
Victims Reaction On OpenSea Claims
The company’s statement did not convince all victim users, and some of them started to blame the firm. One user urged that what type of pishing attack it was which do not contains an email and company should give detail what happened as millions of dollars went into the air.
Head of technology at OpenSea, Nadav Hollander, also called it users’ mistake to approve malicious contract hackers sent them and said:
All of the malicious orders contain valid signatures from the affected users, indicating that they did sign an order somewhere, at some point in time.
Related Reading | Moving Beyond OpenSea
In the past, consumers were also facing inactive listings on the platform. As a result, the firm updated its smart contract chain on Friday, which required users to move their listings on ETH.
Similarly, few users stated migration as the cause behind the hack. While Hollander told them that malicious orders were “signed before the migration and are unlikely to be related to OpenSea’s migration flow.”
Ryan Selkis, founder and CEO of blockchain analysis firm Messari, called that exploit a lesson for users to learn the importance of signature keys and self-custody while upgrading. The higher you are rewarded with risks in crypto-space, the higher you invest.
He says;
This sucks for all users who were affected. I’m not trying to victim shame them. But if you’re in crypto, self-reliance is integral to the products you use, and you’re rewarded for risks with higher upside. i.e., don’t blame OpenSea.
In addition, in late January 2022, users also reported errors in the OpenSea’s interface design, showing meager prices while buying NFTs.
Featured image from Pixabay and Chart from TradingView.com
Cryptocurrency