OpenSea announced a planned upgrade on February 20th, 2022 for its smart contracts. This required users to migrate their NFTs to a new smart contract from ETH. This migration would help users keep their old and sometimes inactive listings accessible. There are no fees for migration. The reason OpenSea wanted to do this was because many NFTs on their marketplace were hit with phishing attacks. Hackers wanted to take advantage of the delisting of inactive NFTs.
The short timeframe for migrating and its urgency offered hackers an opportunity to try their luck and make some money. Multiple sources announced that an attack was taking place on the NFTs that would be delisted if migration did not take place. An investigation showed that phishing emails were sent to owners so that their NFTs could be stolen. Users who authorized migration by giving information required in the email gave over ownership to the attackers. Users/owners have been cautioned not to open any emails and wait till further information was sent by OpenSea regarding the smart contract migration.
According to OpenSea CEO Devin Finzer, 32 account holders have lost their NFTs to date. The marketplace is trying to get a handle on the attack and how it happened. It is suspected that user information could have leaked, and it is fueling these attacks. Account owners are requested to reach out to OpenSea for help and get access to their investments back. Information on the upgrade will be announced later once this problem has been sorted out.
