Share this article
OpenSea Investigating ‘Exploit Rumors’ as Users Complain of Missing NFTs
Emails purporting to be from the NFT marketplace about a planned smart contract migration may have been a phishing attack.
Updated May 11, 2023, 5:55 p.m. Published Feb 20, 2022, 3:32 a.m.
In the wake of a series of viral tweets from panicked non-fungible token (NFT) traders, leading marketplace OpenSea says it’s investigating “rumors of an exploit” regarding smart contracts connected to its platform – a vulnerability that may have cost traders valuable tokens.
- “We are actively investigating rumors of an exploit associated with OpenSea related smart contracts,” OpenSea posted to Twitter Saturday night U.S. hours. “This appears to be a phishing attack originating outside of OpenSea's website. Do not click links outside of opensea.io.”
- Around 10:50 p.m. ET, OpenSea CEO Devin Finzer followed up in a tweet that “32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.” He added that the company is “not aware of any recent phishing emails that have been sent to users,” and suggested a fraudulent website may be to blame.
As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.
— Devin Finzer (dfinzer.eth) (@dfinzer) February 20, 2022
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
- OpenSea had planned to revise its smart contract (the code governing its trading platform, essentially) by releasing a brand-new contract on Friday. The upgraded contract was intended to ensure old, inactive listings on the platform would eventually expire.
- On Twitter, traders shared what they’d initially thought were official OpenSea emails about the migration process from contract A to contract B.
- PeckShield, a blockchain security company that audits smart contracts, stated that the rumored exploit was “most likely phishing” – a malicious contract hidden in a disguised link. The company cited that same mass email about the migration process as one of the possible sources of the link.
- The apparent attacker’s address (which the blockchain explorer website Etherscan has already slapped with a “phish/hack” warning badge) holds about $1.7 million worth of ether , as well as three tokens from the Bored Ape Yacht Club, two Cool Cats, one Doodle and one Azuki.
Update (Feb. 20, 04:42 UTC): Adds public statement from OpenSea CEO.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
JPMorgan Pushes Deeper Into Tokenization With Galaxy's Debt Issuance on Solana
Galaxy’s onchain debt deal, where JP Morgan acted as arranger, was settled in USDC stablecoin and backed by Coinbase and Franklin Templeton.
What to know:
- J.P. Morgan arranged Galaxy Digital’s commercial paper issuance on the Solana blockchain, one of the first of its kind in the U.S.
- Coinbase and Franklin Templeton bought the short-term debt instrument, settled in USDC
- Tokenization of real-world assets is gaining traction, with projections suggesting the market could reach $18.9 trillion by 2033.
Top Stories
