in

Scammers Impersonate OpenSea Customer Support


Blockchain & Cryptocurrency
,
Breach Notification
,
Cryptocurrency Fraud

Attackers Socially Engineer Digital Asset Holders on Discord

A screenshot of the OpenSea digital asset marketplace. (Source: OpenSea)

OpenSea, a marketplace for blockchain-based digital assets, is being targeted by scammers who are impersonating its support staff in order to steal digital assets such as cryptocurrency and non-fungible tokens.

See Also: Autonomous Systems: The Future of Cyber Security


Digital artists can use OpenSea to store, buy and sell NFTs. OpenSea user and artist Jeff Nicholas, who fell victim to this scam, tweeted the attackers stole digital assets he held as well as 4.5 ether from his Ledger hardware wallet, which is worth about $14,600.


The problem revolves around OpenSea using the Discord chat platform for customer support, tweets Sean Bonner, who is a photographer and associate professor at Japan’s Keio University.

“The way this attack is happening is people are being told to go to the OpenSea Discord and post their support ticket, attackers are monitoring these channels and then contacting people posing as OpenSea support, armed with info about their support claim,” Bonner tweets.


OpenSea recently surpassed $1 billion in monthly trading volume, according to data compiled by The Block in August.


Disabling Services


Nicholas says he was targeted after threat actors impersonated an OpenSea support employee. The fake representative tricked him into inadvertently enabling access to his MetaMask wallet, leading to the loss of cryptocurrency and NFT collectibles stored there.


Nichloas posted an in-depth thread describing how he was duped.



MetaMask is a software cryptocurrency wallet used to interact with the Ethereum blockchain. It allows users to access their Ethereum wallet through a browser extension or mobile app, which can then be used to interact with decentralized applications.


Nicholas told Bleeping Computer how he was scammed. The threat actors asked him to screen share, and he was told to resync the MetaMask Chrome extension with the MetaMask mobile app.


In order to sync a mobile MetaMask wallet with Chrome extension, a user has to go to settings and a sync with mobile option appears. That then prompts for a password and a QR code. Any attacker can easily take screen grabs for further exploitation.


The mobile MetaMask app can scan this code and import the victim’s Chrome wallet automatically. Once the threat actors scan this QR code, they have full access to the cryptocurrency and any NFT collectibles stored within it.


Nate Chastain, OpenSea’s head of product, tweeted: “Saddened to hear an OpenSea user was the victim of a significant phishing attack last night. The scammer masquerades as an OpenSea employee and has the user scan a QR code granting wallet access. Please be vigilant and direct support requests through our Help Center/ZenDesk.”


Chastain said the MetaMask team will be temporarily disabling the mobile QR code sync feature to defend against phishing attacks that have become more prevalent in recent weeks.


A spokesperson for OpenSea was not immediately available for further comment.


Discord: Not for Sensitive Customer Support


Roger Grimes, who is a data-driven defense evangelist at the security firm KnowBe4, says NFTs are frequently targeted by thieves.


“It’s not surprising that social engineering is the primary way these value tokens are being stolen,” Grimes says. “Social engineering has always been the number one way malicious digital crime happens, whether or not Discord and NFTs are involved.”


Bonner says that to help ensure other users are not duped by fake support on Discord, OpenSea should stop directing any support to Discord and shut down those channels.


“Additionally, they should refund the stolen ETH [Ethereum cryptocurrency] and market value of the NFTs stolen,” Bonner says.



Source link

What do you think?

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Are Social Media Platforms Like TikTok, Instagram, Snapchat The Next Big Threat Facing Amazon? – Amazon (AMZN)

Jyotika makes her social media debut on Instagram