OpenSea is not hacked, hacker sent phishing emails

OpenSea exploit hack

There is a rumor brewing that OpenSea, world’s most popular NFT website has been hacked. Many thinking OpenSea has churned out new contracts, but it’s just a phishing attempt at making you give permissions on phishing website.

One twitter user claims OpenSea is lying and there’s infact a vulnerability that does allow hacker to steal NFTs.

This is 100% not true, but rather a flaw in their code which led to one of the largest NFT exploits in history.

There is no need to scramble and use untrusted / unknown revoking DAPPs if you didn’t interact with phishing email sent ~30 days ago. This is the perfect time for a scammer to introduce a site that actually makes you do the opposite of revoke.

However, if you have a hot wallet that interacts with smart contracts or a cold wallet with some NFTs, it is advisable that you remoke permissions of all websites just to be on safe side.

This OpenSea hack sounds similar to one of the attacks a while back where the adversary used a FE flaw to make their contract appear verified as part of a wider attack. For bonus points, sell the NFT below floor to yourself and lose nothing.