OpenSea has attributed the recent theft of several high profile non-fungible tokens (NFTs) to a phishing attack that, at time of writing, is believed to have claimed at least 32 victims.
The Block reports that whoever stole these NFTs—which, aside from assisting money laundering operations, are supposed to represent ownership over a piece of digital content—made off with numerous tokens valued at roughly $3 million over the course of several hours on Feb. 19.
OpenSea CEO Devin Finzer has shared multiple updates about the company’s investigation on Twitter. The most recent tweets show that the NFT marketplace believes it has ruled out its website, a recent email, a listing migration tool, and its new smart contract as the attack vector.
“Importantly, rumors that this was a $200 million hack are false,” Finzer says in another tweet. “The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs.”
CoinDesk reports that Etherscan, which bills itself as “the Ethereum blockchain explorer,” has flagged the account that appears to be connected to these NFT thefts. (The public name of which is, fittingly enough, “Fake_Phishing5169.”)
Finzer says NFT collectors worried about their tokens being stolen can revoke OpenSea’s access to their collections via Etherscan. OpenSea has also updated its website with a warning, “Do not click links outside of opensea.io,” while it investigates the cause of this attack.