OpenSea the leading NFT ( non fungible token) exchange platform has fallen victim to a phishing attack that occurred just hours after it announced yesterday a new smart contract update that would occur throughout the week with the goal of eliminating inactive NFTs on the platform, and requiring users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract, as a direct result of the update, users who do not migrate from Ethereum risk losing their old inactive listings (currently requiring no cost to migrate).
Hackers took advantage of this immediately, and a few hours after the OpenSea update was announced, according to various sources there is news of an ongoing attack targeting NFTs, and it is assumed that hackers used phishing emails to steal NFTs before they are migrated to the new OpenSea smart contract, once a user authorizes the migration of NFTs from the fraudulent email to a new address (hacker's address), the attackers gain possession of the NFTs.
Users are at this time urged to be wary of all communications from OpenSea, as well as to revoke all permissions on migration to the new smart contract. OpenSea co-founder and CEO Devin Finzer acknowledged the phishing attack, confirming that 32 users have lost NFTs so far, furthermore Finzer concluded by saying:
"If you are concerned and want to protect yourself, you can un-approve access to your NFT collection."
