$2 Million Worth of NFTs Stolen From OpenSea Accounts

    $2 Million Worth of NFTs Stolen From OpenSea Accounts

    NFT platform, OpenSea, is currently investigating a large phishing attack after seventeen of its users lost more than 250 NFTs — worth approximately $2 million.

    OpenSea, which recently hit a staggering $5 billion in monthly sales, stated that the attack did not exploit any vulnerabilities on their platform. Instead, it was a classic case of social engineering: deceiving users via phishing emails. OpenSea has warned users to remain vigilant. More importantly, customers should not click on any link that doesn’t belong to the opensea.io domain.

    The attackers were reportedly aware of an upcoming OpenSea update that was scheduled for February 18th – 25th.  They knew that the company would be sending out emails with instructions on how to handle the process.  Therefore, the attackers prepared fake emails and websites of their own.

    The emails were then sent to customers who unknowingly clicked on the malicious links. Unfortunately for them, doing so allowed the attackers access to a number of forwarding requests with verified parameters. As a result, the NFTs could be passed on to the attackers.

    In a Twitter thread, Devin Finzer, (OpenSea co-founder and CEO) has provided further information on the hack:

    OpenSea_20220223_1

    In Other NFT Scam News

    OpenSea_20220223_MetaMask
    OpenSea_20220223_Trust

    Example Phishing Emails

    Here at Trend Micro, we’ve been reporting for a while on NFTs and the related scams that target customers. Do check out this article for a comprehensive overview: “What Are NFTs? 5 Common NFT Scams & 9 Safety Tips 2021”. And head over here for a useful list on fake crypto sites and platforms.

    Our researchers, hard at work keeping our readers & customers safe and secure, have found two more crypto-related phishing scams. One concerns MetaMask, and the other Trust Wallet. Keep an eye out for malicious phishing emails — when in doubt, contact these platforms directly via their support page.

    OpenSea_20220223_MetaMask_2
    OpenSea_20220223_Trust Wallet_2

    Example Phishing Pages

    As ever, if you’ve found this article an interesting and/or helpful read, please do SHARE with friends and family to help keep the online community secure and protected.

    Check out Trend Micro ScamCheck — an all-in-one browser extension used for detecting scams, phishing attacks, malware, and dangerous links — it’s FREE! After you’ve pinned ScamCheck, it will block dangerous sites automatically! It is now available on Safari, Google Chrome, and Microsoft Edge.

    Post a comment

    Your email address won't be shown publicly.

    0 Comments

      This website uses cookies for website functionality, traffic analytics, personalization, social media functionality and advertising. Our Cookie Notice provides more information and explains how to amend your cookie settings.