Opensea CEO Dismisses $200 Million Hack Rumor, Claims Incident Was a Phishing Attack

Opensea co-founder and CEO, Devin Finzer, has denied rumors that the non-fungible token (NFT) marketplace’s codebase was breached and that attackers had stolen $200 million. According to Finzer, an investigation had shown that the attacker had $1.7 million worth of ethereum in his wallet by leveraging a phishing scheme.

Attacker Reportedly Returns Some Stolen NFTs

Devin Finzer, the co-founder and CEO of Opensea has denied reports that the NFT marketplace has been breached. Instead, Finzer has characterized the alleged hacking incident as a “phishing attack,” which he insists is not connected to Opensea’s website. He did, however, admit that some of the more than 30 users that “signed a malicious payload from an attacker” had their NFTs stolen.

While Finzer did not give the estimated value of the stolen NFTs, a Twitter user named Mr. Whale suggested in a tweet, posted a few hours after the breach, that “over $200M [was] lost already.” Another user named Jacob King rejected Finzer and Opensea’s phishing attack claim. The user claims that a “flaw in their code led to one of the largest NFTs exploits in history.”

#OpenSea is now lying and claiming the exploit was actually just phishing emails people were receiving.

This is 100% not true, but rather a flaw in their code which led to one of the largest #NFT exploits in history. pic.twitter.com/qGRq0MaFT1

— Jacob King (@JacobOracle) February 20, 2022

However, in a Twitter thread posted on February 20, Finzer rebuts these claims. He said an investigation had, in fact, shown that the attackers had returned some of the NFTs. He explained:

The attack doesn’t appear to be active at this point — we haven’t seen any malicious activity from the attacker’s account in 2 hours. Some of the NFTs have been returned.

Finzer also claimed that the Opensea team was not aware of any recent phishing emails that have been sent to users. The CEO said at the time when he posted the thread, the team was yet to determine the website that had been “tricking users into maliciously signing messages.”

Attackers’ Wallet Has $1.7 Million Worth of ETH

Also to back the findings of Opensea’s investigation, the CEO pointed to a more technical context of what transpired which was shared by another Twitter user Neso.

Finzer ends his thread by dismissing rumors that suggested that this was a $200 million hack. According to him, the Opensea team had determined that “the attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.”

We are actively investigating rumors of an exploit associated with OpenSea related smart contracts. This appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of https://t.co/3qvMZjxmDB.

— OpenSea (@opensea) February 20, 2022

Meanwhile, in another thread, Finzer said after his team got in touch with “dozens” of people and teams across the NFT space, and he is confident this was a phishing attack. He added that Opensea was now actively “working with users whose items were stolen to narrow down a set of common websites that they interacted with that might have been responsible for the malicious signatures.”

What are your thoughts on this story? Tell us what you think in the comments section below.