Cybercrime never rests, so it’s important to always be alert. This time, a new group of scammers is stealing Non-Fungible Tokens (NFTs) and other crypto funds from unaware OpenSea users through Discord. As you may know, OpenSea is a P2P marketplace where you can store, buy and sell NFTs.
Discord is a very popular chat platform in the cryptocurrency world. Almost every blockchain company or crypto project has its own community on this platform, and anyone can participate, talk and create their own servers for free. That’s why it has lately been used by all sorts of scammers to lure their victims. Previously, scammers pretended to run crypto giveaways, and now they’re pretending to be part of the OpenSea support team.
According to recent reports from victims, they turned to the OpenSea server on Discord to get help from the support team, which is present there. Then someone posing as that team would send them private messages, inviting them to join an ‘OpenSea Support’ server to receive help.
Once the victim joined, the scammers would ask them to share their screen, so they could see exactly what the victim sees. Next, the scammers would “guide” the user to resync their MetaMask Chrome extension with the MetaMask mobile app. This function lets the user transfer their wallet (and its funds and NFTs) from Chrome to the MetaMask mobile app. A simple QR code makes this possible, and that’s where the robbery takes place.
The scammers are seeing everything because the victim shared the screen with them. Taking a screenshot of the private QR is very easy at this point. With it, the scammers can empty the associated wallet, including collectibles and funds.
Phishing and how to avoid it
The tactic of pretending to be someone else (and especially a support team) is very old, but it has never stopped working for scammers. It’s known as phishing, and it can also arrive as emails alerting you to supposed security problems with your account (any account), for example. That’s why it’s very important to pay attention to every message you receive: if something is odd, then it’s time to block those people.
In this case, sadly, the official OpenSea team had previously instructed its users to find help through Discord. Now they’re discouraging this practice and asking their users to request support only at OpenSea’s help center. Besides, you must never share any means of recovering your wallet, including your private keys or private QR code.
As additional measures against phishing in general, don’t open dubious emails, let alone their attachments or links, don’t download anything from non-official websites, and always keep your operating system, software, and other devices updated. Scammers rarely go for the more difficult victims.
Featured Image by Darwin Laganzon / Pixabay