A major Opensea exploit is ongoing – here’s how to protect yourself

Opensea’s smart contracts are rumoured to be exploited by a hacker, who has currently drained more than US$1.7m of funds and dozens of valuable NFTs from 32 traders.

Opensea acknowledged the exploit in a tweet and stated that the exploit appears to be a phishing attack which caused some users to sign a malicious payload from the attacker, giving the attacker permission to steal the NFTs from a user’s wallet.

The timing of the attack was well planned, considering that Opensea on Friday had launched a new version of its exchange smart contract to patch a vulnerability where old, inactive NFT listings on its platform would properly expire.

Some traders have flagged that they received a phishing email from what seemed like Opensea – asking them to migrate to the new contact – of which blockchain security firm Peckshield cautioned it as a possible phishing attack.