This appears to be a phishing attack: https://twitter.com/cyphreth/status/1495206957589925892 https://twitter.com/0xfoobar/status/1495208279210876930
Example attacker transaction: https://ethtx.info/mainnet/0x18c0b67adf306b7f0da948e238c1397...
We see that this tx performs 3 layers of delegation, whereas normally the opensea WyvernExchange contract needs 2 (user's proxy delegates action to WyvernAtomicizer, which performs the transfer.) In this case there's another layer: user proxy delegates to attacker contract 0xa2c0946ad444dccf990394c5cbe019a858a945bd, which then calls the Atomicizer to do a malicious transfer.
While I'm no fan of cryptocurrency in general, it does seem like the space has plenty of people who understand security. The steady stream of high profile NFT hacks suggests none of them want to go near NFTs. If all the people NFTs are supposed to help won't touch them, and all the smart security people won't touch them, maybe there's a reason.
I think we should stop using normative terminology like "stealing" when talking about NFTs and stuff. Code is law and the code says it belongs to the hacker. Maybe "involuntary transfer" is a better phrase instead
Yet nothing of value was lost. Weird.
Listen to the disaster in real time: https://twitter.com/0xBiZzy/status/1495199867152523265
Etherscan and revoke.cash are down. This is the web3 utopia hype they have been screaming about yet the centralized services they use (Etherscan) are going down, NFTs being stolen via a vulnerability in OpenSea and there is no way to get them back. Ha.
What a magnificent disaster.