$1.7 million in non-fungible tokens (NFTs) were stolen from token-trading site OpenSea, prompting a pause in trading on the website.
Two hundred fifty-four individual tokens were stolen from OpenSea users, according to blockchain security company PeckShield, which compiled a spreadsheet of the stolen assets. Tokens from the Azuki collection were the most numerous assets on the list, with appearances from other collections such as the often-ridiculed Bored Ape Yacht Club and its derivatives and knockoffs.
At the time of writing, many of the NFTs have been labeled as "returned" by PeckShield, though at least a third appear to remain at large.
The theft was accomplished through a form of phishing, according to OpenSea's CEO. Through a weakness in the Wyvern Protocol, the framework that serves as the foundation for many NFT contracts used by marketplaces, hackers were able to gain legitimate authorization from users to steal from them digitally.
OpenSea users were essentially given an offer and contract to sign whose contents were generalized enough to seem legitimate. Once the user signed, hackers manipulated the contents of the contract to transfer the token without paying an iota of Ethereum for it.
The hack is rough news for OpenSea, which has become one of the most valuable NFT-boom companies, valued at a whopping $13 billion. Ironically, the company had been updating its contract system at the time of the attack.
No newer contracts were affected in the hack, and the relative number of users that had tokens stolen is proportionally tiny compared to the site's active user numbers. While the exploit that allowed the theft in the first place is likely soon to be rectified, hackers' ease in stealing from the site leaves many concerns.
Overall, concerns of lawlessness in the NFT market are running high as of late, coming in the wake of continual thefts, as well as ongoing fraud and counterfeiting.
British Authorities recently seized over £1 million in NFTs earlier this month as part of a tax evasion probe. OpenSea competitor Cent shut down earlier this month due to overwhelming fraud on its marketplace, with the former market suffering its fair flood of fraudulent and counterfeit tokens.