Quick take:
- OpenSea potentially hacked again amid a new email phishing scam impersonating the NFT marketplace.
- Some OpenSea users reported Wednesday receiving emails from “team@opensea.io”.
- According to @0xQuit on Twitter, the phishing link redirects users to a scam site that attempts to steal their seed phrase.
OpenSea users have been cautioned about an email scam going around that redirects them to a fake website. According to a Twitter thread by @0xQuit, once redirected to the fake site, they are asked to re-identify themselves, a process that requires giving out the seed phrase.
It is nightly recommended to NEVER enter your seed phrase anywhere online because this could result in losing your wallet to hackers.
The scam email comes in a growing list of security breaches related to OpenSea. The platform recently revealed that user emails had been compromised after an employee of Customer.io the company’s email vendor shared addresses with an unauthorised third party.
Whether the scam email that has found its way to some OpenSea accounts is a consequence of that leak is yet to be determined.
Once users click on the link shared in the email, they are asked to log in to their MetaMask accounts, the primary wallet service provider for a majority of OpenSea NFT traders. According to @0xQuit, the log-in portal does not lead to the real MetaMask website, but rather a modal hosted on the scam site.
If you try to enter any password, it will fail, which then will lead to the point where you are asked to enter your seed phrase to re-identify yourself.
The user also provides screenshots of evidence that if you try to open the real MetaMask, a popup window will open on top of the fake one. Under normal circumstances, the opened MetaMask popup should close once the new one opens. The fake popup cannot be closed.
NFT scams have continued to hold back the growth of the industry with some potential new entrants deeming it too risky. Over the last 12 months, ending July 2022, over $100 million worth of NFTs were stolen according to a report published by crypto analytics and fraud assessment platform Elliptic.
Stay up to date:
