Web3, the famous decentralized internet technology that has centralized much of the NFT marketplace into a single shopfront (OpenSea), woke up over the weekend to find that some of its users’ wallets had reportedly been compromised and loads of valuable NFTs stolen.
The alarm was raised yesterday when some users noticed that some NFTs – including some Bored Ape Yacht Club and Mutant Ape Yacht Club JPGs – were missing from their wallets. Aside from the fact that it appears to have been the work of a single person (or at least a single account), that is about all we know for sure at the time of publication. How all that stuff went missing and how much the heist is “worth” are two of the details that are still up in the air.
OpenSea co-founder and CEO Devin Finzer says the site is fine and “as far as we can tell” those affected were victims of a “phishing attack”.
However, other users are not so sure. Some victims say that they never opened emails and that the only thing they all had in common was that they manually migrated their collections to a new smart contract on the platform (a step that was itself implemented because it “fixes an issue with inactive entries that allowed scammers to steal valuable NFTs from collectors on OpenSea”).
Also unknown is the exact dollar value of what was stolen. While it’s obviously impossible to put a definitive price tag on stolen NFTs, since anyone outside of the cult would say they’re valued at “nothing,” estimates of the heist’s “value” among these jerks range from ridiculous (200 million dollars) to much more modest sums (Finzer himself says: “The attacker has $1.7 million in ETH in his wallet because he sold some of the stolen NFTs”). A third possibility is that the attacker actually made off with about $2.9 million.
And that’s not even the wildest part! Somehow, for some reason, the attacker not only stole, he also in some cases … gave back? Like Robin Hood, only if Robin Hood had no idea what he was doing. As the wonderful Web3 is Going Great reports:
It was later determined that one attacker successfully phished 32 OpenSea users into signing a malicious contract that allowed the attacker to take the NFTs and then flip them. Curiously, the hacker returned some of the NFTs to their original owners, and one victim inexplicably received 50 ETH ($130,000) back from the attacker, as well as some of their stolen NFTs.
Remember, the whole point of blockchain, as the cult’s followers will be only too happy to tell you, is that it’s immovable and eternal, and that everything that happens leaves an immutable mark. Shit like this shouldn’t happen because the blockchain is so much more secure than the existing internet!
And yet! Here we are. With users either falling for a phishing scam, like your grandparents trying to snag a cheap flight to Florida on Facebook, or falling victim to a fundamental security breach at one of the most central locations of a supposedly decentralized technology.
Speaking of which, if the words “OpenSea” and “art theft” come to mind, it could be due to reports from various media outlets (like this one, from The Guardian last month) detailing the practice of bots stealing work from sites like DeviantArt and selling it on OpenSea without the artist’s knowledge or permission.