OpenSea Scammers Posing As Support Staff, Stealing NFTs

Share post:

OpenSea users are falling victim to a widespread Discord phishing attack to steal cryptocurrency funds and NFTs.

Last week hackers were lurking on the Discord server of OpenSea posing as official support representatives of the site.

These phony reps give private “support” to OpenSea users who need it, resulting in the loss of cryptocurrencies and NFT collectibles stored in the victim’s MetaMask wallets.

When a user joins the Discord server and makes a technical support request, scammers lurking on the server start sending private messages to the user that include an invitation to an ‘OpenSea Support’ server to get support.

After joining the fake OpenSea support server, the scammers ask users to open a screen share so they can provide assistance and guidance in solving the problem.

The fake support member then informs the victim that they need to re-sync their MetaMask Chrome extension with the mobile app MetaMask.

The MetaMask mobile app can scan a QR code to automatically sync and import the victim’s Chrome wallet. But, anyone with that QR code, including the fake support staff, can take a screenshot and then use that image to sync the wallet with their mobile apps.

When the fake support reps scan the QR code on their mobile app, they now have full access to the cryptocurrency and all the NFT collectibles it contains, allowing them to transfer the collectibles into their wallets.

OpenSea is aware of the attacks and urges users to only open support requests through its Help Center.

Users are also urged never to share their wallet recovery keys, password phrases and QR codes, which are used for syncing to prevent wallets from being stolen by fraudsters.

For more information, read the original story in BleepingComputer.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 24, 2024 – A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more

A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more. Welcome to Cyber Security...

Canada centralizing cybersecurity efforts of federal IT departments

Federal departments and agencies are making only marginal progress in improving their cyber maturity, Ottawa said Wednesday as...

Cyber Security Today, May 22, 2024 – LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more

LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more. Welcome to Cyber Security...

Google criticizes Microsoft’s security practices in new report

Google has publicly criticized Microsoft for a series of security missteps, suggesting that organizations might consider more secure...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways