Skip to content

OpenSea users targeted in phishing scam mimicking NFT offers

  • by
  • 3 min read

Photo by Sashkin/Shutterstock.com

A sophisticated phishing scam is targeting NFT enthusiasts by impersonating the popular marketplace OpenSea, tricking users into connecting their crypto wallets to fraudulent sites. By mimicking OpenSea’s branding and leveraging fake notifications about NFT offers, attackers aim to steal funds and sensitive information from unsuspecting users.

The phishing campaign relies on social engineering tactics to lure victims. Threat actors send emails impersonating OpenSea, falsely claiming the recipient has received an offer on an NFT they have listed. While appearing legitimate, these emails originate from deceptive addresses like ‘administrator@motordna.io.’

By mimicking OpenSea’s branding and formatting, the attackers create a facade of authenticity, preying on unsuspecting users who may not scrutinise the sender’s email address.

 “We have robust systems in place to detect and prevent against phishing attempts, and we’re actively responding to the current situation,” said an OpenSea spokesperson told Candid.Technology. “We only communicate through official channels – emails from opensea.io and support@help.opensea.io domains, verified with blue checkmarks in Gmail and ‘Digitally Certified’ marks in Apple Mail.”

Phishing email sample. | Source: Cofense

The email aims to evoke urgency and excitement, urging recipients to click on the embedded ‘Access Now’ button. Once clicked, users are redirected to a fraudulent website replicating OpenSea’s interface, complete with a fabricated offer on an NFT.

“By branding the email as OpenSea and employing the same email format used for an actual notification from the OpenSea NFT marketplace, the threat actor hopes to ease the recipient’s suspicion so they will click the button in the email body,” researchers explained. “The email uses social engineering tactics by adding a sense of urgency and excitement that the recipient may have an open offer on an NFT they have listed.”

Phishing page sample. | Source: Cofense

On the phishing site, users are prompted to ‘connect their wallet’ to secure the supposed offer. The page presents multiple wallet connection methods, including QR codes and login prompts. Once the user enters their credentials or connects their wallet, the attacker again controls, potentially draining the victim’s crypto assets and compromising associated information.

This attack highlights the evolving strategies employed by cybercriminals in the crypto and NFT domains. As the NFT market expands, so does its appeal to threat actors seeking to exploit users unfamiliar with phishing tactics. The tailored nature of this scam, aimed directly at OpenSea users, illustrates how threat actors leverage trust in established platforms to carry out their schemes.

Researchers have urged users to verify the sender’s email address before clicking any links, avoid interacting with unsolicited offers or notifications, access OpenSea directly through its official website rather than via email links, and use hardware wallets or other secure methods for managing crypto assets.

In the News: Two critical flaws in CleanTalk plugin endanger 200,000+ websites

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>