OpenSea Scammers Posing As Support Staff, Stealing NFTs

Share post:

OpenSea users are falling victim to a widespread Discord phishing attack to steal cryptocurrency funds and NFTs.

Last week hackers were lurking on the Discord server of OpenSea posing as official support representatives of the site.

These phony reps give private “support” to OpenSea users who need it, resulting in the loss of cryptocurrencies and NFT collectibles stored in the victim’s MetaMask wallets.

When a user joins the Discord server and makes a technical support request, scammers lurking on the server start sending private messages to the user that include an invitation to an ‘OpenSea Support’ server to get support.

After joining the fake OpenSea support server, the scammers ask users to open a screen share so they can provide assistance and guidance in solving the problem.

The fake support member then informs the victim that they need to re-sync their MetaMask Chrome extension with the mobile app MetaMask.

The MetaMask mobile app can scan a QR code to automatically sync and import the victim’s Chrome wallet. But, anyone with that QR code, including the fake support staff, can take a screenshot and then use that image to sync the wallet with their mobile apps.

When the fake support reps scan the QR code on their mobile app, they now have full access to the cryptocurrency and all the NFT collectibles it contains, allowing them to transfer the collectibles into their wallets.

OpenSea is aware of the attacks and urges users to only open support requests through its Help Center.

Users are also urged never to share their wallet recovery keys, password phrases and QR codes, which are used for syncing to prevent wallets from being stolen by fraudsters.

For more information, read the original story in BleepingComputer.

SUBSCRIBE NOW

Related articles

20 dollars unmasks a major vulnerability in the internet infrastructure. Cyber Security Today for Friday the 13th, September 2024

US Cyber Security and Infrastructure Agency -  CISA has added three significant vulnerabilities to its “known exploited vulnerabilities...

Payment gateway breach exposes 1.7 million credit card holders

Slim CD, a payment gateway provider, recently disclosed a significant data breach that impacted nearly 1.7 million credit...

AI Healthcare Firm Exposes 5.9 TB of Sensitive Mental Health Data

In a significant data security incident, Confidant Health, a Texas-based AI healthcare platform, inadvertently exposed 5.3 terabytes of...

Cyber Security Today – Week In Review for September 7, 2024

Cyber Security Today - Weekend Edition: Toronto School Board Hack, MoveIT Breach & Data Privacy Concerns This weekend edition...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways