Users of the OpenSea non-fungible token (NFT) marketplace OpenSea have become victims of a scam on the messaging service Discord aimed at stealing their NFTs and cryptos.
According to Bleeping Computer, the scammers have taken over OpenSea's main Discord server. They have asked users to switch to a separate OpenSea support services server. Victim Jeff Nicholas has reported after joining this server, the attackers asked him to give them remote access to his screen supposedly in order to help him.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.
They then said that the MetaMask Chrome extension should be re-synced via the MetaMask mobile app. The synchronization of the mobile wallet with the wallet in Chrome is done through the settings of the extension, which, after entering the password, displays a QR code on the screen. At the same time, the extension warns against sharing the QR code with third parties, as scanning it allows you to automatically import the wallet to your mobile device. Nicholas explained:
"Say you need to resync you MM and at this point your sort of sucked in to fixing this thing whatever it is. Pull up QR code and it immediately says ‘synced’ (because they scanned it). So then they basically have your seed phrase (without actually having it)."
OpenSea has said it is aware of the problem and recommends that users only contact them through their website:
"Saddened to hear an OpenSea user was the victim of a significant phishing attack last night. Please be vigilant and direct support requests through our Help Center/ZenDesk."