# Remember the "opensea phishing attack"?

> Exactly 2years today millions of dollars were stolen including several apes.

**Published by:** [Decoding Web3 with ZED](https://paragraph.com/@zed/)
**Published on:** 2024-02-18
**URL:** https://paragraph.com/@zed/remember-the-opensea-phishing-attack

## Content

Let's talk about what happened and how to never fall victim. Feb 18 2022 4:14pm est, @opensea announced their new upgraded contract is live. OpenSea @opensea The new contract is live! Start migrating your listings now: opensea.io/account?tab=mi… 925 4:14 PM • Feb 18, 2022 OS instructed users on how to migrate their listings to new contract, they were given 7days to do soHow hacker took advantage: - Deployed a contract 28 days prior to the actual theft - Sent users emails urging them to move their NFTs from an old os smart contract to a new one. - Gathers signatures of OS users (through phishing email) for private sale of NFTs - Execute plan same day as os contract coming live. When user sign this fake contract it initiates a private sale of NFTs to the hacker for 0e. Hacker made close to $2M from the attack, returned some of the stolen NFTs Devin Finzer (dfinzer.eth) @dfinzer Importantly, rumors that this was a $200 million hack are false. The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs. 363 12:45 AM • Feb 20, 2022 Market: Panic and confusion in the market. Users blamed OS new contract, but it was the phishing link clicked and signed days prior, not linked to OS website. Hacker only chose to execute plan same day as OS new contract coming live. Lesson: Assume all links are bad for you, especially links in inbox One click can mean the world, always double check before you sign anything. From time to time, check your token approvals either on etherscan or @RevokeCash , revoke approvals you think is sus. Extensions like @wallet_guard, @PocketUniverseZ simulate transaction before you sign @MintDefense even block scam sites. Using these might help reduce your risk. Thank you for reading. Make sure to subscribe and follow me on X @zedweb3

## Publication Information

- [Decoding Web3 with ZED](https://paragraph.com/@zed/): Publication homepage
- [All Posts](https://paragraph.com/@zed/): More posts from this publication
- [RSS Feed](https://api.paragraph.com/blogs/rss/@zed): Subscribe to updates
- [Twitter](https://twitter.com/zedweb3): Follow on Twitter

## Optional

- [Collect as NFT](https://paragraph.com/@zed/remember-the-opensea-phishing-attack): Support the author by collecting this post
- [View Collectors](https://paragraph.com/@zed/remember-the-opensea-phishing-attack/collectors): See who has collected this post