A lawsuit has been filed against OpenSea, one of the leading Ethereum-based NFT marketplaces, after the company reportedly was the subject of an attack that resulted in millions of dollars worth of non-fungible tokens being stolen over the weekend. At least 17 OpenSea users noticed that their NFTs were missing, prompting panic to erupt on the platform.
According to blockchain security service PeckShield, 254 tokens were stolen over the course of the attack, including tokens from Decentraland and Bored Ape Yacht Club ($BAYC.NFT).
Some speculated that the problem might have come from OpenSea’s smart contracts – the software that runs the platform. However, it appears the more likely reason behind the attacks is a phishing attack conducted by a malicious actor, which copied and sent an email blast informing users about a smart contract change. OpenSea confirmed the phishing attack – but did not acknowledge any potential exploits with the smart contract, contributing to some confusion and controversy among members of the NFT community.
OpenSea’s statement didn’t satisfy everyone, maybe most, namely Timothy McKimmy, a Texas resident who filed a lawsuit against the marketplace in federal court. He claimed that he was the owner of Bored Ape ($BAYC.NFT) #3475 and that his NFT was “stolen” for 0.01 $ETH.X or $26, and the so-called buyer sold it for 99 $ETH.X, or $250,000. He said that the platform was aware of a bug that could allow hackers to buy NFTs for a fraction of their market value.
With a valuation of $13.3 billion, OpenSea has become the biggest NFTmarketplace by volume. However, its numerous security-related issues have demoralized investors. In January 2022, an exploit affected the platform, which led to refunding users $1.8 million. It’s not good for its health as trading in non-fungible tokens has dropped in recent days, according to DappRadar. The data provider found that OpenSea’s seven-day trading volume had dropped by 37% as of Tuesday.