
Scammers Impersonate OpenSea Customer Support

Attackers Socially Engineer Digital Asset Holders on Discord
A screenshot of the OpenSea digital asset marketplace (Source: OpenSea)

Users of OpenSea, a marketplace for blockchain-based digital assets, are being targeted by scammers who are impersonating the company's support staff in order to steal digital assets such as cryptocurrency and non-fungible tokens.

Digital artists can use OpenSea to store, buy and sell NFTs. OpenSea user and artist Jeff Nicholas, who fell victim to this scam, tweeted that the attackers stole digital assets he held as well as 4.5 ether, which is worth about $14,600, from his Ledger hardware wallet.

The problem revolves around OpenSea using the Discord chat platform for customer support, tweets Sean Bonner, who is a photographer and associate professor at Japan’s Keio University.

"The way this attack is happening is people are being told to go to the OpenSea Discord and post their support ticket, attackers are monitoring these channels and then contacting people posing as OpenSea support, armed with info about their support claim," Bonner tweets.

OpenSea recently surpassed $1 billion in monthly trading volume, according to data compiled by The Block in August.

Disabling Services

Nicholas says he was targeted after threat actors impersonated an OpenSea support employee. The fake representative tricked him into inadvertently enabling access to his MetaMask wallet, leading to the loss of cryptocurrency and NFT collectibles stored there.

Nicholas posted an in-depth thread describing how he was duped.

MetaMask is a software cryptocurrency wallet used to interact with the Ethereum blockchain. It allows users to access their Ethereum wallets through a browser extension or mobile app, which can then be used to interact with decentralized applications.

Nicholas told Bleeping Computer how he was scammed. The threat actors asked him to share his screen, and he was told to resync the MetaMask Chrome extension with the MetaMask mobile app.

To sync the MetaMask mobile app with the Chrome extension, a user goes to the extension's settings and selects the "sync with mobile" option. The extension then prompts for a password and displays a QR code. Anyone who can see the screen, such as an attacker watching a shared screen, can easily take a screen grab of that code for further exploitation.

The mobile MetaMask app can scan this code and import the victim's Chrome wallet automatically. Once the threat actors scan this QR code, they have full access to the cryptocurrency and any NFT collectibles stored within it.

Nate Chastain, OpenSea's head of product, tweeted: "Saddened to hear an OpenSea user was the victim of a significant phishing attack last night. The scammer masquerades as an OpenSea employee and has the user scan a QR code granting wallet access. Please be vigilant and direct support requests through our Help Center/ZenDesk."

Chastain said the MetaMask team will be temporarily disabling the mobile QR code sync feature to defend against phishing attacks that have become more prevalent in recent weeks.

A spokesperson for OpenSea was not immediately available for further comment.

Discord: Not for Sensitive Customer Support

Roger Grimes, who is a data-driven defense evangelist at the security firm KnowBe4, says NFTs are frequently targeted by thieves.

"It's not surprising that social engineering is the primary way these value tokens are being stolen," Grimes says. "Social engineering has always been the number one way malicious digital crime happens, whether or not Discord and NFTs are involved."

Bonner says that to help ensure other users are not duped by fake support on Discord, OpenSea should stop directing any support to Discord and shut down those channels.

"Additionally, they should refund the stolen ETH [Ethereum cryptocurrency] and market value of the NFTs stolen," Bonner says.


About the Author

Prajeet Nair

Principal Correspondent

Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.



