Contents:
Recently, it has been found that an aggressive phishing attack in progress on the crypto gods platform OpeaSea is targeting its clients in order to steal non-fungible tokens (NFT) and cryptocurrency.
Apparently, cybercriminals have been hiding in the platform’s Discord server posing as authentic OpenSea employees who offer assistance for the website.
According to BleepingComputer, the impostor’s “help” results in users losing NFT collectibles and cryptocurrency that are kept in the target’s MetaMask wallets.
Guys, I just got hacked bad. They wiped my ledger. Impersonators on the OpenSea discord impersonating @natechastain and others. Wiped 4.5 ETH and all of my apes and cats. Fuck.
— jeffnicholas.eth ??✨ (@_jeffnicholas_) August 24, 2021
Fake OpenSea Employees Operation Mode
The way the scam works is that when an OpenSea user needs help they can request assistance via the website’s Discord server or at the help center. As soon as this happens the threat actors begin messaging the user sending invitations to a false OpenSea Support server in order to get the help they need.
One of the impacted individuals is Jeff Nicholas who was asked by the attackers to activate the screen share function in order to receive assistance with his problem.
He told BleepingComputer:
Lots of grooming, “working through the issue” pulling you in. Then ask you to screen share so they can see what you are seeing.
Say you need to resync your MM and at this point your sort of sucked into fixing this thing whatever it is. Pull up the QR code and it immediately says “synced” (because they scanned it). So then they basically have your seed phrase (without actually having it).
It is important to be aware of the fact that anyone who has the QR code can take a screenshot of it and then use it to synchronize one’s wallet into their mobile apps.
So this is why the cybercriminals are putting so much effort into convincing their victims to screen share. Scanning the QR code on their device gives the hackers posing as support representatives complete access to the crypto goods saved within it.
What Can OpenSea Users Do?
The crypto goods platform is aware of the phishing attacks and urges the users to only submit support requests via its help center.
OpenSea’s Head of Product Nate Chastain said in a tweet:
Saddened to hear an OpenSea user was the victim of a significant phishing attack last night.
The scammer masquerades as an OpenSea employee and has the user scan a QR code granting wallet access.
Please be vigilant and direct support requests through our Help Center/ZenDesk.
Some individuals think that OpenSea should be held accountable for these phishing attacks as the platform has been directing people to its Discord for support and bug reports for a long time.
Unfortunately, these types of attacks are going to keep happening hence is essential to never share our wallet’s recovery keys, passwords, QR codes used for syncing in order to avoid becoming one more of these scams’ victims.