NFT platform OpenSea sees trading drop after phishing attack

OpenSea's seven-day trading volume is down 37 per cent, DappRadar found. PHOTO: AFP

LONDON (BLOOMBERG) - Activity on OpenSea, the world's largest marketplace for digital collectibles, likely dropped precipitously after a phishing attack that saw traders lose as much as an estimated US$3 million (S$4 million).

Trading in non-fungible tokens (NFTs) plummeted in recent days, according to data provider DappRadar. OpenSea's seven-day trading volume is down 37 per cent, DappRadar found.

An unidentified hacker stole 254 tokens from OpenSea users by sending a malicious e-mail asking to transfer their assets to a new contract. Around 17 traders signed the contract, which effectively acted as a blank cheque, giving the hacker access to all of the NFTs stored on their wallet. Some of those assets have since been sold, netting the perpetrator a hefty gain.

OpenSea's chief executive Devin Finzer valued the total amount stolen at US$1.7 million on Sunday (Feb 20), but researchers since have valued the pile at anywhere between US$2 million and US$3 million.

Among the stolen NFTs included four Bored Apes, three of which were later sold on rival platform LooksRare for a combined US$667,000, according to data from blockchain security service PeckShield.

The number of traders using OpenSea dropped by 19 per cent, to about 227,272 over the past seven days, per DappRadar. Over the past seven days, trading volume on LooksRare plunged nearly 65 per cent, while volume on BloctoBay rose by more than 215 per cent, according to DappRadar.

"There's a huge difference between the data hosted on DappRadar, and the graphs you're using in your story," OpenSea said in a statement. "It's wildly irresponsible to draw conclusions in your headline without any technical backing or comparisons to other platforms. Furthermore, the data in the text of your story does not match the graphs in your story. For more accurate and complete data, please refer to Dune Analytics."

OpenSea said on Monday that the attacker's crypto wallet has gone quiet since the theft, with no transaction activity spotted in the last 24 hours.

The marketplace's chief technology officer Nadav Hollander said the incident demonstrated a need for more awareness about the security issues surrounding off-chain signatures among NFT traders, but noted that the attacker was able to fool their victims because of an ongoing contract migration.

"Education on not sharing seed phrases or submitting unknown transactions has become more widespread in our space. However, signing off-chain messages requires equal consideration," said Mr Hollander.

Join ST's Telegram channel and get the latest breaking news delivered to you.