According to Finzer, this was a phishing attack that was targeted at users of OpenSea and not the marketplace. The targeted users were sent a phishing email in the name of OpenSea with a malicious payload (malware). The attacker is believed to have exploited the short deadline given by the platform to its users to migrate their listed NFTs from Ethereum to a new smart contract. The objective of the exercise was to delist inactive NFTs. So far, 32 users have fallen for the phishing scam and downloaded the malicious payload, allowing the attacker access to their Ethereum wallets and NFTs on it.

{{^adFree}} {{/adFree}}