A targeted phishing attack against OpenSea users resulted in the theft of NFT tokens valued at approximately $2 million. OpenSea has said that its own email system and platform were not compromised. The attack, as described in detail by Checkpoint security researchers, focused on taking advantage of an announcement that customers were required to migrate accounts on the OpenSea platform. Threat actors were able to send a spoofed email message to customers that informed them that the migration was unsuccessful, and they were required to login to their financial accounts utilizing a new link to the platform. This new link was part of the phishing attack and allowed threat actors to record credentials and tokens that were nearly instantly used via a script to initiate a transfer of NFT tokens to the threat group’s accounts.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is