OpenSea hackers stole millions of dollars worth of Bored Ape Yacht Club tokens

Recently, several million dollars worth of NFT items were hacked and stolen on the largest marketplace of non-fungible tokens. The attackers used the phishing method, and the victims were collectors who had non-fungible tokens from the Bored Ape Yacht Club collection in their wallets.

This became known from a press release from the Harpie project, which deals with the fight against on-chain theft. The company announced this on its Twitter account. Harpie called this method of hacking the latest and reported the details of the hack.

The whole secret, as you might have guessed, lies in the smart contract that uses the hidden OpenSea function. The latter allow “sales without gas” when users can buy and sell NFT tokens by signing the required smart contract.

The attackers used phishing to deceive users and send them smart contracts that they signed. This led to the sale of tokens at private auctions, which were arranged by hackers with their own prices. Signatures were not read, and collectors were left without their NFT tokens and lost a lot of money.

The victims of the phishing attack signed such smart contracts en masse, thinking that the letter came from the portal administration in order to log into the account and protect it. Multiple acts of loss of funds led to the fact that OpenSea users lost several million dollars in total. The exact amount of losses is not specified.

Harpie reported that they are now able to detect such private auction scams. They have found a new way for fraudsters to get NFT tokens dishonestly and now they can protect crypto investors from a new attack vector in the cryptocurrency industry.

In August, a case was recorded with suspicious activity of 143 Bored Ape Yacht Club tokens. The Immunefi platform has estimated their total value at $13,580,000.