Opensea NFT hack explain Thread

28 days ago the hacker uploads a new smart contract, he already knows well that his goal is to get as many signatures as possible

He starts sending emails with phising websites. They tell you to sign a message to login/migrate to the new Opensea smart contract

Instead you are signing a private sale (0 eth) of your NFTs to the hacker

Today he executes the smart contract function to steal the NFTs before their listings expire

He can do that because he has your signatures stored on his server

As a final note, always check what you are signing, because one click makes a difference.

You can revoke access to your NFTs from official Etherscan website:

https://etherscan.io/tokenapprovalchecker

📢 All this is what we believe to have happened, but the investigation is still ongoing

Details check this Twitter thread 🧵

https://twitter.com/isotile/status/1495234649970421760?s=21

Edit: JUST IN: Over $200M worth of NFTs reportedly stolen from OpenSea phishing hack