Integrity360 comment: OpenSea NFT Phishing Attack
February 2022 by Carlo Edwards, Cyber Threat Response Analyst, Integrity360
In light of the news surrounding NFTs being stolen from OpenSea through a phishing attack, please see comment from Carlo Edwards, Cyber Threat Response Analyst, Integrity360:
NFTs have been around since 2014, but have skyrocketed in popularity in the last year. For this reason, we should expect to see more phishing attacks surrounding these. Take Cryptocurrency as an example, a few years ago, this was relatively unheard of, but now there is barely a day that goes by where a cryptocurrency phishing email doesn’t appear in a spam folder somewhere.
We have seen previous successful phishing attempts targeting NFT collectors. Recently, $2.2 million worth of "Bored Ape Yacht" club images were stolen. The victim had reported that this was due to a phishing link they had clicked. In this case, the attackers have taken advantage of the news that OpenSea are migrating their Etherum listings to a new smart contract. It is often the case that motivated attackers will use information to formulate a more convincing message to disseminate to their intended victims.
There have been thoughts that NFTs could be used in money laundering, similar to how criminal organisations have long used rare or high value art for illegal transactions. Additionally, there have been reports of malicious actors impersonating well known creators and selling fake certificates of ownership, so this phishing attack could be just the start of many things to come.