According to blockchain records, the hacker was able to freely transfer NFTs from many users to their addresses. Examples from the Bored Ape Yacht Club are among the stolen NFTs.
Users of the OpenSea platform are allegedly being targeted by hackers who are stealing and reversing high-value NFTs. For the record, OpenSea is the world’s most popular NFT marketplace. OpenSea transactions made Ghozali a billionaire in Indonesia, as well.
In the midst of this investigation, we still don’t know how this attack works. A red flag appeared at the top of OpenSea’s website on Saturday night, though.
“We are currently researching rumours of smart contract exploits using OpenSea’s smart contracts. OpenSea’s website looks to be the target of a phishing scam. Opensea.io connections should not be followed outside of the site, “As the sign says,
When certain criteria are satisfied, a smart contract, a software recorded on the blockchain, is triggered to execute. In order to prevent fraudsters from stealing precious NFT from collectors on OpenSea, OpenSea has implemented a new smart contract that forces users who sell NFT on the site to update to the new contract.
Some NFT users have suggested that a malicious actor fooled individuals by creating a false website that resembled the one used to upgrade the smart contract. – There is no response from OpenSea as yet.
The hacker was able to freely move several NFTs from different users to their addresses, as evidenced by the blockchain. A number of popular items, including those from Mutant Ape Yacht Club and Bored Ape Yacht Club, were taken.
NFTs from the Azuki collection have also been sold by the hacker, one of which was sold for 13.4 ETH or over Rp 521.2 million. More than 600 ETH, or about IDR 28.6 billion, have been stolen from the hacker’s wallet.
Some of the stolen goods may, however, have been restored. One such instance is the theft of several NFTs from a single user, among them the extremely expensive NFT BAYC (Bored Ape Yacht Club). NFTs were then returned, except for BAYC which remains frozen on OpenSea.
In the opinion of security expert Dan Guido, the web3 platform’s security is solely dependent on wallets with a notoriously bad user experience for security. On Twitter, he remarked, “And there’s really nothing the platform can do about it.” He went on to say that any stolen NFTs may be visible right now.