Hackers sell stolen NFTs from digital marketplace for almost $2 million

Feb. 21 (UPI) -- Close to $2 million worth of non-fungible tokens, or NFTs, were stolen and sold after an apparent phishing attack over the weekend, authorities said.

The attack targeted U.S.-based NFT marketplace OpenSea on Saturday, the exchange's founder and CEO said.


Initially, it was reported that $200 million worth of NFTs were stolen.

Phishing is a common type of digital theft, which occurs when a hacker or thief attempts to steal personal information by posing as a trusted entity, often via email.

"Importantly, rumors that this was a $200 million hack are false," OpenSea CEO Devin Finzer said in a tweet. "The attacker has $1.7 million of [cryptocurrency] in his wallet from selling some of the stolen NFTs."

Blockchain security service PeckShield said about 250 NFTs were stolen, including popular ones like Decentraland and Bored Ape Yacht Club. Most of the attacks happened late on Saturday and affected almost three dozen users.

"We don't believe it's connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen," Finzer added.

Finzer said the phishing attack isn't active and that some of the stolen NFTs have been returned.


The two-part attack targeted individuals to sign partial contracts and the signatures were used to complete a contract that transferred ownership of the NFTs without payment.

The investigation hasn't pointed to which website was "tricking users into maliciously signing messages."

The attack may have originated from a weakness in the Wyvern Protocol -- an open-source standard for most NFT contracts including OpenSea.

Latest Headlines