The problem of frequent NFT theft is just as ubiquitous in the overall NFT discussion as debates over what non-fungible tokens actually are. Recently, participants in Web3 were shocked to discover that their crypto wallets had been compromised and that valuable NFTs such as Bored Ape Yacht Club and Mutant Ape Yacht Club items had been stolen from their accounts. Very quickly, the victims started to develop theories: speculation had it that a new NFT marketplace called X2Y2 or else a new contract implemented by OpenSea was to blame. Later, addressing the incident, OpenSea said that it was a targeted phishing attack and not the new contract that was to blame for the thefts.
“As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen,” OpenSea CEO Devin Finzer wrote in a series of tweets. “We are not aware of any recent phishing emails that have been sent to users, but at this time we do not know which website was tricking users into maliciously signing messages.”
Here’s where it gets weird, though: while many NFT enthusiasts have seen their items stolen and never returned, whoever pulled off these latest thefts wasn’t finished with just the robberies themselves. According to a report at Web3 is Going Great, the thief actually returned some of the NFTs he’d stolen to certain victims, and also deposited $130,000 (or 50 ETH) in someone’s account.
OpenSea has been valued at an eye-popping $13.3 billion, and the company also recently announced that it had raised $300 in fresh venture capital. The company has said that it will use the new funds to improve its trust and safety team and to increase the accessibility of NFTs to those who are have less experience with the technology.