I know you’re all worried. We’re running an all hands on deck investigation, but I want to take a minute to share the facts as I see them:
Conversation
As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.
70
256
966
The attack doesn’t appear to be active at this point — we haven’t seen any malicious activity from the attacker’s account in 2 hours. Some of the NFTs have been returned.
19
42
590
We are not aware of any recent phishing emails that have been sent to users, but at this time we do not know which website was tricking users into maliciously signing messages.
16
29
453
Always double check that you are interacting with opensea.io in your browser when you sign messages.
3
51
461
If you are an affected user, please DM so that we can thoroughly investigate — we’d love your help.
22
61
472
For more technical context, this thread (twitter.com/Nesotual/statu) is consistent with our current internal understanding.
This Tweet is unavailable.
If you are concerned and want to protect yourself, you can un-approve access to your NFT collection etherscan.io/tokenapprovalc
42
83
494
Importantly, rumors that this was a $200 million hack are false. The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.
54
75
378
references a Wyvern order. Would this attack not have been possible on the old OpenSea smart contract?
1
Isn't it the case then, that a different strategy for swaps would have prevented this phisher from doing what they did?
Does this mean I am OK though?! Says no approved contracts found … is that correct
I only went to OS to post an item for sale and this message came up to sign. I didn't sign it. It did not appear when browsing through my MM
Are you guys doing anything to help make this right with customers like me that lost our NFTs???
Show additional replies, including those that may contain offensive content
Show