Attackers scam OpenSea users via Discord

Tue 31 Aug 2021 ▪ 18h34 ▪ 3 min de lecture - par Katie Donaldson

Crypto market OpenSea has become the latest victim of hackers which reportedly use OpenSea’s Discord server to scam market’s customers.

Crypto market is still very young — it’s not surprising that there are crypto attacks happening almost every single day. Social engineering has been a weapon in scammers’ hands almost since dinosaurs roamed the Earth.

Scammers are now impersonating OpenSea’s support staff to steal cryptocurrencies and non-fungible tokens (NFTs). According to Jeff Nicholas, who uses OpenSea for selling his artworks, attackers stole all of his digital assets, including 4.5 Ether (ETH) from his crypto wallet, which is worth about £10,500.

New kind of worry

The fake representative tricked the artist into inadvertently enabling access to his MetaMask wallet, leading to the loss of assets. MetaMask is a software cryptocurrency wallet used to interact with the Ethereum blockchain. It allows users to access their Ethereum wallet through a browser extension or mobile app, which can then be used to interact with decentralised applications. 

The fake OpenSea employee asked Nicholas to share his screen, and he was told to resync the MetaMask Chrome extension with the MetaMask mobile app.

To sync the MetaMask wallet with Chrome extension, a user has to go to settings and a sync with mobile option appears. That then prompts for a password and a QR code. Any attacker can easily take screen grabs for further exploitation.

The MetaMask app was used for importing the Chrome wallet automatically. Once the scammers scan this QR code, they have full access to all digital assets within it.

The whole situation took place on Discord, reports Data Breach. Their officials have also said that to help ensure other users are not scammed on Discord, OpenSea should stop directing any support to Discord and shut down those channels.

Nate Chastain, OpenSea’s head of product, said the MetaMask team will be suspending the mobile QR code sync feature for an undetermined amount of time to defend users against phishing attacks that have become more prevalent in recent weeks.

OpenSea, a marketplace for blockchain-based digital assets, was targeted by attackers who are impersonating its support staff in order to steal cryptocurrency and NFTs.

A
A
Katie Donaldson

I went full time crypto back in June 2018, and have never looked back. I want to help persuade as many people as possible to come and build the decentralised future! Let’s go!

DISCLAIMER

The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.