The latest significant and severe Discord phishing attack, aimed at stealing cryptocurrency funds and NFTs, has hit OpenSea users hard. Cybercriminals have been lurking on OpenSea's Discord server for the past week, masquerading as authorized support representatives for the website. These bogus employees offer private support to an OpenSea user in need, which results in the loss of the cryptocurrency and NFT collectibles held in the victim's MetaMask wallet.
OpenSea is the world's largest NFT marketplace, with a 542 percent rise in volume over the last month, accounting for over half of the company's entire lifetime transaction volume of $2.423 billion.
OpenSea is a peer-to-peer marketplace for crypto collectibles and non-fungible tokens. It covers collectibles, gaming items, and other virtual goods secured by a blockchain. A smart contract on OpenSea allows anybody to buy or sell these items.
In this case, the fraudsters took advantage of how the site works.
When an OpenSea user needs assistance, they can contact the site's help center or the site's Discord server. When the user joins the Discord server and posts a help request, fraudsters lurking on the server immediately start sending the user private messages. These messages include an invitation to an "OpenSea Support" server to receive further assistance.
Jeff Nicholas, an artist who was a victim of this fraud, told Bleeping Computer that after he joined the bogus OpenSea support server, the scammers urged him to turn on screen sharing so that they could offer assistance and guidance in resolving the issue.
“Lots of grooming, processing through the issue pulling you in. Then ask you to screen share so they can see what you are seeing,” Nicholas said.
“Say you require to resync your MM and at this point you're sort of stuck into fixing this thing whatever it is. Pull up QR code and it immediately says “synced” (because they scanned it). So then they have your seed phrase (without actually having it),” he explained.
It is possible to sync the mobile MetaMask wallet with the Chrome extension by going to 'Settings', clicking on 'Advanced', and then clicking 'Sync with mobile'. On this screen, users are asked to enter their password, after which a QR code is generated.
The MetaMask mobile app scans this QR code to synchronize and import the user's Chrome wallet immediately. However, anyone else who sees this QR code, including the bogus support representatives, can take a screenshot and use it to synchronize the wallet into their own smartphone app.
Once the bogus support agents scan the QR code with their smartphone app, they gain complete access to the cryptocurrency and any NFT collectibles stored in the wallet. The victim's assets are then transferred to the threat actors' wallets.
To avoid having a wallet drained by this type of fraud, users must never disclose their wallet's recovery keys, password phrases, or the QR codes used for synchronizing.
“Saddened to listen an OpenSea user was the victim of a significant phishing attack last night,” read a tweet by OpenSea’s Head of Product Nate Chastain. “The scammer masquerades as an OpenSea employee and has the user scan a QR code granting wallet access. Please be attentive and direct support requests through our Help Center/ZenDesk.”