Bitfinex Warns Not To Underestimate Malicious Actors Following OpenSea Attack

A top crypto exchange executive offered NFT and cryptocurrency holders some advice to guard against malicious actors who are learning new tricks every day to circumvent security measures and hack unsuspecting accounts.

Paolo Ardoino, CTO of Bitfinex, made the warning after 17 OpenSea users lost more than $1.7 million in non-fungible token (NFT) when they fell victim to phishing attacks conducted by malicious actors. Bitfinex is a cryptocurrency exchange platform owned and operated by iFinex, registered in the British Virgin Islands.

The attack involving the theft of 254 tokens reverberated across the NFT world as investors' fear caused cryptocurrency prices to plummet.

"Never underestimate the ingenuity of fraudsters' use of technology to steal your digital token assets. The phishing attack that took place at OpenSea over the weekend where millions of dollars of NFTs were stolen once again demonstrates that even the most tech-savvy can fall victim to these types of scams," Paolo Ardoino, CTO of Bitfinex told International Business Times via email.

Reports indicated the elaborate phishing attack drained several wallets on OpenSea and allowed the hacker to steal from unsuspecting victims over the weekend. The incident highlighted the importance of operational security in Web 3 and users' vulnerability against creative ways of malicious actors.

According to Ardoino, even tech-savvies fall prey to phishing attacks devised by ingenious malicious actors, but there are ways to prevent being scammed and protect digital assets.

He also offered several steps to help NFT owners and crypto holders protect their digital assets, including "never responding to an unsolicited message and making sure to "always check and validate the authenticity of a platform."

The executive added users should "avoid open Wi-Fi networks" and ensure to "put 2-factor Authentication in place whenever possible." Moreover, he said that users should "be extremely wary about the origin of an email."

"Always verify the legitimacy of senders, " he said and advised, "never click on links in an email; instead, always type the address directly into the address bar." The executive also asked users to "regularly update antivirus solutions."

And most importantly, "hold your digital tokens offline in a hardware wallet."

The recent OpenSea phishing attack involved valuable NFTs from various collections, including Azuki and Bored Ape Yacht Club. In a most recent tweet, OpenSea said, "Our leadership, engineering, and security teams are communicating with affected users to gather details. We continue to believe that this is a phishing attack that originated outside of http://opensea.io.