UPDATE: (11:01 PM): OpenSea co-founder Devin Finzer tweeted that the firm was still investigating the incident, adding that they believe it stemmed from a “phishing attack.”
He added: “We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”
Finzer suggested impacted users reach out to the firm via Twitter support.
The nascent market for non-fungible tokens was sent into a tizzy Saturday evening after millions of dollars worth of NFTs on OpenSea were swiped by a hacker.
At the time of writing, it is not clear if the assets were stolen via a breach stemming from a deficiency in OpenSea’s platform or a phishing attack—a commonplace way for thieves to access accounts through factitious emails.
“We are actively investigating rumors of an exploit associated with OpenSea related smart contracts,” the firm said in a tweet. “This appears to be a phishing attack originating outside of OpenSea’s website.”
A spokeswoman for the firm directed The Block to this tweet when reached for further update.
At this point The Block can confirm that the hacker has stollen roughly $3 million in assets, which includes popular NFTs like Bored Apes, Azuki and CloneX.
The CEO of Nasen, Alex Svanevik estimates that about 19 OpenSea users have been impacted.
OpenSea—which recently raised at a valuation topping $13 billion—is one of the largest platforms for NFT trading. It counts Andreessen Horowitz and actor Ashton Kutcher as backers.
We will update this report when we learn more.