Rogue OpenSea Support Agents Are Stealing Cryptowallets and NFTs In An Ongoing Scam

OpenSea users have been targeted in an aggressive Discord phishing attack over the last week. The attackers have been able to gain access to victims’ crypto wallets and steal funds and NFTs.

The attackers pose as private support representatives for OpenSea users, and the interaction ends with the loss of the NFTs and cryptocurrency stored in the victims’ MetaMask wallets.

When a user needs help, they can reach out to OpenSea’s help center or its Discord server, a support channel actively promoted by the company. The fake support agents send private messages to such users, which include an invite to an ‘OpenSea Support’ server. Once the user joins the server, the scammers ask the victim to share their screen so that they can provide direct support in fixing the problem.

“They ask you to screenshare so they can see what you are seeing,” Nicholas, one of the victims, told BleepingComputer. This is necessary so that the scammers can scan the QR code in the next step.

The fake agent tells the victim they have to resync their MetaMask Chrome extension with the MetaMask mobile app.

“Say you need to resync your MM and at this point you're sort of sucked in to fixing this thing whatever it is. Pull up QR code and it immediately says ‘synced’ (because they scanned it). So then they basically have your seed phrase (without actually having it),” explained Nicholas.

The MetaMask app can scan this code to sync and import your Chrome wallet. However, a scammer who can see the code via screenshare can take a screenshot of it and use it to sync the victim’s wallet to their own mobile app.

After scanning the QR code with their app, the fake support representatives were able to access Nicholas’ wallet and the cryptocurrency and NFT collectibles stored within it.

OpenSea has been alerted about the attacks and advises users to only open support requests through the official help center.

“Saddened to hear an OpenSea user was the victim of a significant phishing attack last night,” tweeted OpenSea’s Head of Product Nate Chastain.

About the author

CIM Team
