Opensea co-founder and CEO, Devin Finzer, has denied rumors that the non-fungible token (NFT) marketplace’s codebase was breached and that attackers had stolen $200 million. According to Finzer, an investigation had shown that the attacker had $1.7 million worth of ethereum in his wallet by leveraging a phishing scheme.
Attacker Reportedly Returns Some Stolen NFTs
Devin Finzer, the co-founder and CEO of Opensea has denied reports that the NFT marketplace has been breached. Instead, Finzer has characterized the alleged hacking incident as a “phishing attack,” which he insists is not connected to Opensea’s website. He did, however, admit that some of the more than 30 users that “signed a malicious payload from an attacker” had their NFTs stolen.
While Finzer did not give the estimated value of the stolen NFTs, a Twitter user named Mr. Whale suggested in a tweet, posted a few hours after the breach, that “over $200M [was] lost already.” Another user named Jacob King rejected Finzer and Opensea’s phishing attack claim. The user claims that a “flaw in their code led to one of the largest NFTs exploits in history.”
#OpenSea is now lying and claiming the exploit was actually just phishing emails people were receiving.
— Jacob King (@JacobOracle) February 20, 2022
However, in a Twitter thread posted on February 20, Finzer rebuts these claims. He said an investigation had, in fact, shown that the attackers had returned some of the NFTs. He explained:
The attack doesn’t appear to be active at this point — we haven’t seen any malicious activity from the attacker’s account in 2 hours. Some of the NFTs have been returned.
Finzer also claimed that the Opensea team was not aware of any recent phishing emails that have been sent to users. The CEO said at the time when he posted the thread, the team was yet to determine the website that had been “tricking users into maliciously signing messages.”
Attackers’ Wallet Has $1.7 Million Worth of ETH
Also to back the findings of Opensea’s investigation, the CEO pointed to a more technical context of what transpired which was shared by another Twitter user Neso.
Finzer ends his thread by dismissing rumors that suggested that this was a $200 million hack. According to him, the Opensea team had determined that “the attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.”
We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea’s website. Do not click links outside of https://t.co/3qvMZjxmDB.
— OpenSea (@opensea) February 20, 2022
Meanwhile, in another thread, Finzer said after his team got in touch with “dozens” of people and teams across the NFT space, and he is confident this was a phishing attack. He added that Opensea was now actively “working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures.”
What are your thoughts on this story? Tell us what you think in the comments section below.