(Bloomberg) — Activity on OpenSea, the world’s largest marketplace for digital collectibles, dropped precipitously after a phishing attack that saw traders lose as much as an estimated $3 million.
Trading in nonfungible tokens has plummeted more than 70% in the last four days, according to data provider DappRadar, falling from 70,100 transactions prior to the attack to a low of 19,400 on Sunday.
An unidentified hacker stole 254 tokens from OpenSea users by sending a malicious email asking them to transfer their assets to a new contract. Around 17 traders signed the contract, which effectively acted as a blank check, giving the hacker access to all of the NFTs stored in their wallets.
Some of those assets have since been sold, netting the perpetrator a hefty gain. Devin Finzer, OpenSea’s chief executive officer, valued the total amount stolen at $1.7 million on Sunday, but researchers have since valued the pile at anywhere between $2 million and $3 million. Among the stolen NFTs were four Bored Apes, three of which were later sold on rival platform LooksRare for a combined $667,000, according to data from blockchain security service PeckShield.
The daily volume of NFTs being traded fell similarly over the same period, dropping from $77.6 million before the heist to $9.8 million on Sunday. Meanwhile OpenSea’s total daily user base slid from 39,000 on Feb. 18 to just 10,400 on Monday.
OpenSea did not immediately respond to a request for comment.
OpenSea said on Monday that the attacker’s crypto wallet has gone quiet since the theft, with no transaction activity spotted in the last 24 hours.
The marketplace’s Chief Technology Officer Nadiv Hollander said the incident demonstrated a need for more awareness about the security issues surrounding off-chain signatures among NFT traders, but noted that the attacker was able to fool their victims because of an ongoing contract migration.
“Education on not sharing seed phrases or submitting unknown transactions has become more widespread in our space. However, signing off-chain messages requires equal consideration,” said Hollander.
©2022 Bloomberg L.P.