Hackers steal millions of dollars worth of digital tokens from the world’s most famous NFT collection

Cryptocurrency hackers have carried out a phishing attack on the world’s most famous NFT collection, stealing several million dollars worth of non-fungible Bored Ape Yacht Club (BAYC) tokens from OpenSea. According to representatives of the Harpie online theft prevention platform, the attack was carried out due to the ability to sell NFTs without paying a commission.

«Hackers were able to steal NFTs using a little-known OpenSea feature. This is the latest type of hack that has stolen several million worth of BAYC tokens,» Harpie said. To sell NFTs without paying a commission, users must approve a signature request with an unreadable message. This feature allows you to create private auctions with the ability to set non-standard prices.

To hijack NFTs, hackers have created phishing sites that allegedly require signing a message under the guise of logging in. By signing the message, the user agrees to partially sell the NFT to the fraudster for 0 ETH.

This is not the only incident where OpenSea has become a platform for fraud. In August, the NFT marketplace made changes to its policy of dealing with stolen NFTs — users were allowed to resell stolen non-fungible tokens if the marketplace does not receive a notification from law enforcement. If law enforcement agencies do not respond to such resale within seven days after the stolen NFTs are posted, NFT holders have the right to trade them. In this way, OpenSea representatives plan to combat fake complaints of theft.