User sues OpenSea for $1M+ after losing his Bored Ape NFT in phishing attack

2 years ago

The plaintiff has accused the NFT marketplace of "negligence" and "breach of fiduciary duty."

Liam Frost • Feb. 22, 2022 astatine 12:40 p.m. UTC • 2 min read

User sues OpenSea for $1M+ aft losing his Bored Ape NFT successful phishing attack

Texas nonmigratory Timothy McKimmy has officially filed a suit for astatine slightest $1 cardinal against non-fungible token (NFT) marketplace OpenSea. In the complaint, helium accused the level of “negligence” that resulted successful him losing an “unquestionably” invaluable Bored Ape Yacht Club NFT.

According to the lawsuit filed connected February 18 successful the Southern District of Texas, McKimmy allegedly was 1 of the victims successful the caller bid of phishing attacks. As CryptoSlate reported, immoderate OpenSea users person precocious mislaid millions of dollars worthy of NFTs to chartless malicious actor(s).

Namely, the attacker launched a peculiar astute contract connected Ethereum implicit a period anterior to the existent theft and past sent respective users emails urging them to determination their NFTs from an aged OpenSea astute declaration to a caller one. This caller mendacious contract, successful turn, initiated signing of unfastened merchantability orders which the attacker collected.

As a unfortunate of this scheme, McKimmy mislaid his Bored Ape #3475 NFT, the ailment alleged, which is presently being auctioned off for astatine slightest 225 Ethereum (roughly $568,000) by an chartless owner.

Phishing successful OpenSea

In his complaint, McKimmy alleged that OpenSea has breached the fiduciary work it owed to him “by failing to instrumentality policies and procedures to prevent, identify, detect, respond to, mitigate, contain, and/or close information violations.”

Because of this, the plaintiff claimed that connected oregon astir February 7 his Bored Ape NFT was stolen owed to a “security vulnerability” connected OpenSea, allowing “an extracurricular enactment to illegally participate done OpenSea’s codification and entree [McKimmy’s] NFT wallet” to database and merchantability the token.

Ultimately, “OpenSea’s vulnerabilities allowed others to participate done its codification and unit the listing of an NFT” and that was “through nary responsibility of the [NFT] owner,” McKimmy claimed.

He added that attempts to “resolve the contented galore times with” OpenSea remained unsuccessful arsenic the level “failed to reverse the transaction, instrumentality the Bored Ape, and/or supply immoderate capable remedy,” which led to him filing the lawsuit.

Now, the plaintiff wants OpenSea to reimburse him “the valuation of the Bored Ape, and/or monetary damages implicit $1,000,000,” the ailment stated.

“Plaintiff’s Bored Ape has important value; this is unquestionable. For example, Justin Bieber purchased Bored Ape #3001 for 500 ETH, oregon $1.3 cardinal astatine the clip of the transaction. Bieber’s Bored Ape has a rarity people of lone 53.66 and a rarity fertile of #9777,” according to the complaint.

Meanwhile, “Plaintiff’s Bored Ape has a rarity people of 138.52 and a rarity fertile of #1392. It is successful the apical 14% rarity, and it is importantly rarer than Bieber’s. Thus, Plaintiff’s Bored Ape’s worth is arguably successful the millions of dollars and increasing arsenic each time passes,” the papers claimed.

The onslaught nary longer seems to beryllium active, but we are continuing to monitor. We person not seen enactment from the attacker’s wallet successful >36 hours. We’re continuing to investigate.

— OpenSea (@opensea) February 22, 2022

In its turn, OpenSea contiguous reported that “the onslaught nary longer seems to beryllium active” but the level is inactive “continuing to monitor” and “it is harmless to migrate your listings” now.