How Fake OpenSea Support Staff Are Hijacking Crypto Wallets and NFTs

OpenSea users are being targeted in a recent and aggressive Discord phishing attack to steal cryptocurrency funds and NFTs. Over the past week, threat actors have been lurking in OpenSea’s Discord server, pretending to be official support representatives for the site.

These fake support reps provide private “support” to OpenSea users needing help, which invariably leads to the loss of cryptocurrency and NFT collectibles stored in the victim’s MetaMask wallet.

How Does the Fake OpenSea Support Scam Work?

When an OpenSea user requires support, they can request help at OpenSea’s help center or through the site’s Discord server. When a user joins the Discord server and posts a request for help, scammers lurking on the server begin sending private messages to the user. These messages include an invite to an ‘OpenSea Support’ server to receive support.

Artist Jeff Nicholas, who fell victim to this scam, told our experts that after he joined the fake OpenSea support server, the scammer asked him to start a screen share so that they could provide support and guidance in fixing the problem.

“Lots of grooming, processing through the issue, pulling you in. Then ask you to screen share so they can see what you are seeing,” Nicholas told our experts. As part of this process, the fake support member tells the victim that they need to resync their MetaMask Chrome extension with the MetaMask mobile app.

“Say you require to resync your MM and at this point you’re sort of stuck into fixing this thing whatever it is. Pull up QR code and it immediately says ‘synced’ (because they scanned it). So then they basically have your seed phrase (without actually having it),” explained Nicholas.

To sync your mobile MetaMask wallet with your Chrome extension, you go to Settings, click on Advanced, then tap Sync with mobile. You will be prompted to enter your password on this page, and a QR code will be displayed.

The MetaMask mobile app can scan this QR code to sync and import your Chrome wallet automatically. However, anyone who sees this QR code, including the fake support reps, can take a screenshot and then use that image to sync your wallet to their own mobile app.

Once the fake support representatives scan the QR code with their mobile app, they have full access to the cryptocurrency and any NFT collectibles stored in the wallet. The threat actors then transfer them to their own wallets.

What Should OpenSea Users Do?

OpenSea is aware of the attacks and suggests that users only open support requests through its help center. “Saddened to hear an OpenSea user was the victim of a significant phishing attack last night,” tweeted OpenSea’s Head of Product Nate Chastain.

“The scammer masquerades as an OpenSea employee and has the user scan a QR code granting wallet access.” “Please be attentive and direct support requests through our Help Center/ZenDesk.” However, some users feel that OpenSea bears some responsibility for these attacks, as it has been referring users to its Discord server for support.

Our experts have contacted OpenSea with questions about these attacks and the proper way to request support but have not heard back. For now, it is highly suggested that OpenSea users avoid Discord or Twitter for support and only open tickets through the site’s help center.
