August 25, 2021

OpenSea users are falling victim to a widespread Discord phishing attack to steal cryptocurrency funds and NFTs.

Last week hackers were lurking on the Discord server of OpenSea posing as official support representatives of the site.

These phony reps give private “support” to OpenSea users who need it, resulting in the loss of cryptocurrencies and NFT collectibles stored in the victim’s MetaMask wallets.

When a user joins the Discord server and makes a technical support request, scammers lurking on the server start sending private messages to the user that include an invitation to an ‘OpenSea Support’ server to get support.

After joining the fake OpenSea support server, the scammers ask users to open a screen share so they can provide assistance and guidance in solving the problem.

The fake support member then informs the victim that they need to re-sync their MetaMask Chrome extension with the mobile app MetaMask.

The MetaMask mobile app can scan a QR code to automatically sync and import the victim’s Chrome wallet. But, anyone with that QR code, including the fake support staff, can take a screenshot and then use that image to sync the wallet with their mobile apps.

When the fake support reps scan the QR code on their mobile app, they now have full access to the cryptocurrency and all the NFT collectibles it contains, allowing them to transfer the collectibles into their wallets.

OpenSea is aware of the attacks and urges users to only open support requests through its Help Center.

Users are also urged never to share their wallet recovery keys, password phrases and QR codes, which are used for syncing to prevent wallets from being stolen by fraudsters.

For more information, read the original story in BleepingComputer.