Opensea CEO Dismisses $200 Million Hack Rumor
Devin Finzer, the co-founder and chief executive of Opensea, has dismissed rumors that the codebase of the non-fungible token (NFT) marketplace had been breached and attackers had walked away with $200 million. Finzer stated that according to an investigation, an attacker had leveraged a phishing scheme to add $1.7 million worth of Ethereum in his wallet. The alleged hacking incident was characterized as a ‘phishing attack’ by the CEO, who went on to insist that it had nothing to do with Opensea’s website. However, he did admit that a malicious payload was signed by more than 30 users that had come from an attacker.
Therefore, the users’ NFTs had been stolen. The chief executive did not provide any estimate of the value of the NFTs that were stolen. However, a couple of hours after the breach, a Twitter user by the name of Mr. Whale said that they had already lost more than $200 million. Jacob King, another user had rejected the claim of the phishing attack made by Opensea and Finzer. The user stated that the largest NFT exploit had occurred in history, all because of a flaw in Opensea’s code. But, these claims were rebutted by the cofounder on a Twitter thread that had been posted on February 20th.
The CEO stated that an investigation had revealed that some of the NFTs had been returned by the attackers. He added that at this point, the attack didn’t appear to be an active one, as there hadn’t been any malicious activity in 2 hours from the attacker’s account. Finzer went on to say that Opensea’s team did not have any knowledge of any recent phishing emails that were sent to its users. At the time of posting the thread, the CEO had said that the team was yet to determine if the website had been tricking users into signing messages maliciously. The CEO also backed the findings of Opensea’s investigations by pointing out a technical context of what had happened.
Finzer put an end to the thread by claiming that the $200 million hack was only a rumor. He said that the Opensea team had determined that some of the stolen NFTs had been sold by the attacker and that is how he had added $1.7 million Ethereum to his wallet. Finzer also said in another thread that the team had gotten in touch with ‘dozens’ of people as well as other teams spread across the NFT space.
He said that after doing so, he was confident that this had only been a phishing attack. He went on to say that Opensea was also working with all the users who had had their items stolen. The CEO said that they were working on narrowing down the list of common websites that these users had interacted with, as they could have been responsible for the phishing attack and malicious signatures. This would clarify that a phishing attack had occurred and there had been no hack whatsoever, as the executive has claimed.