OPENSEA

DESCRIPTION OF EVENTS

"The world’s first and largest digital marketplace for crypto collectibles and non-fungible tokens (NFTs). Buy, sell, and discover exclusive digital items." "Discover, collect, and sell extraordinary NFTs. OpenSea is the world's first and largest NFT marketplace."

"As the first and largest marketplace for Non-Fungible Tokens and Semi-Fungible Tokens, OpenSea provides a first-in-class developer platform consisting of an API, SDK, and developer tutorials. Feel free to browse around and get acclimated with developing smart contracts and interacting with NFT data."

"Fascinated by the [CryptoKitties] movement that was forming, Devin Finzer and Alex Atallah joined early adopter communities in Discord and started talking to users. With the OpenSea beta launch in December 2017, the first open marketplace for any non-fungible token on the Ethereum blockchain was born."

"Valued at $13 billion in a recent funding round, OpenSea has become one of the most valuable companies of the NFT boom, providing a simple interface for users to list, browse, and bid on tokens without interacting directly with the blockchain."

"[C]ybercriminals have been hiding in the platform’s Discord server posing as authentic OpenSea employees who offer assistance for the website."

"According to BleepingComputer, the impostor’s “help” results in users losing NFT collectibles and cryptocurrency that are kept in the target’s MetaMask wallets."

"The way the scam works is that when an OpenSea user needs help they can request assistance via the website’s Discord server or at the help center. As soon as this happens the threat actors begin messaging the user sending invitations to a false OpenSea Support server in order to get the help they need."

"One of the impacted individuals is Jeff Nicholas who was asked by the attackers to activate the screen share function in order to receive assistance with his problem."

"Lots of grooming, “working through the issue” pulling you in. Then ask you to screen share so they can see what you are seeing."

"Say you need to resync your MM and at this point your sort of sucked into fixing this thing whatever it is. Pull up the QR code and it immediately says “synced” (because they scanned it). So then they basically have your seed phrase (without actually having it)."

"It is important to be aware of the fact that anyone who has the QR code can take a screenshot of it and then use it to synchronize one’s wallet into their mobile apps."

"So this is why the cybercriminals are putting so much effort into convincing their victims to screen share. Scanning the QR code on their device gives the hackers posing as support representatives complete access to the crypto goods saved within it."

“Say you require to resync you MM and at this point your sort of sticked in to fixing this thing whatever it is. Pull up QR code and it immediately says “synced” (because they scanned it). So then they basicly have your seed phrase (without actually having it),” explained Nicholas.

"To synch your mobile MetaMask wallet with your Chrome extension, it is the potential to go to Settings and click on Advanced then tap Sync with mobile. You will be prompted to enter your password on this page, and a QR code will be displayed."

"The Mobile MetaMask Application can scan this QR Code to sync and import your Chrome wallet automatically. However, any user who sees this QR code, consisting of the fake support reps, can create a screenshot and then utilize that image to sync your wallet into their mobile applications."

"When the fake support representatives scanned the QR code on their mobile application, they now had full access to the cryptocurrency and any NFT collectibles preserved within it. The threat actors then transmit the victims to their wallets."

"Guys, I just got [scammed] bad. They wiped my ledger. Impersonators on the OpenSea discord impersonating @natechastain and others. Wiped 4.5 ETH and all of my apes and cats."

"Today has been rough. While I’m currently feeling a little better, I want to get in front of this & explain what happened last night as a cautionary tail for anyone - whether noob or seasoned vet - because I believe this can happen to anyone if ur guard is down like mine was."

"Yes, I was scammed. I took the bait. I blindly did some of the things we all say not to do over and over again, and part of me is really ashamed of that. But at this same time, this wasn’t as clear as it might seem from the outside."

"Have been having issues w royalty payouts on @OpenSea collections. Last payout was 7/11, & they are supposed to come at the latest monthly. So Sun 8/22, 11 days after I should have received them, I asked @natechastain about it. He said submit a ticket so the team can check."

"I did. Through ZenDesk. Monday PM rolled around & was impatient. Had seen lots of tweets/info from OpenSea & other artists/collectors I trust saying easiest way to get things dealt w is to bring the ZenDesk ticket# into Discord & one of the OS mods/customer support can expedite."

"So I dropped the ticket # in the support channel where I saw what looked like an OpenSea employee with “| OpenSea” in their name answering questions. Acknowledged me in a now deleted post, said he’d check it out & be right with me, & then next thing I know I have a DM."

"My DMs were off for this server. So if we were discussing in the channel, and now he’s popping up in my DMs, he must be admin/mod status is what I’m thinking, so this is ok. (I have no idea how that happened still.)"

"I get a link to an “OpenSea Support” server. I go there to find what I think is this rep, Nate, and some other “| OpenSea” employees looking busy, seemly working on other issues in hidden channels. I have a channel to myself."

"Long story short is these guys are good at what they do. Lots of little red flags, like Nate constantly typing “my guy” which didn’t feel right AT ALL, but I was distracted. Kids needed to be picked up, fed, put to bed, wrapping up work stuff, engaging w the community."

"Long story short is these guys are good at what they do. Lots of little red flags, like Nate constantly typing “my guy” which didn’t feel right AT ALL, but I was distracted. Kids needed to be picked up, fed, put to bed, wrapping up work stuff, engaging w the community."

"Real “on one” kind of day so I was going back and forth."

"This thing starts stretching out FOREVER. They can’t fix it. Of course they can’t, they aren’t doing shit - they are scammers. Say they are getting a "lead dev" & ask me to join a voice chat w screen share to diagnose."

"But, it was enough of a rouze that they had me in their social engineering shit, just going through the motions to fix this so I can move on with my life. It’s such a small amount of royalties I’m like fuck is this even worth it? (Clearly it wasn’t) 11"

"One thing leads to another & they want me to “Resync” my MetaMask wallet. It’s an issue w the wallet they say. So I somehow blindly ignore the warning in “Settings” & load up the QR code. Moments later, it says “Synced” & they say great! We’re all good.(They've now scanned it)"

"It isn’t all good. It doesn’t work. Payouts still “Pending.” An issue w MetaMask, need to connect another wallet to it. Doesn’t make sense & it all gets very confusing but this is support & we’ve been doing this so long now & I’m tired af so I just grab my ledger & use that."

"Same thing, QR code, Synced, still doesn’t work. Of course. So, oh! That’s why it doesn’t work, it’s a ledger and I have to sign for the changes by pressing the two buttons and hadn’t done that, so sign for the changes with the two buttons."

"(In fact you don’t have to do this, but I wasn’t clear on every little nuance of what does/doesn’t require a signature, it’s haphazard across Web3). All this time I’m screen sharing, so it’s sleight of hand and obfuscation."

"We’re working in one account, while they’re over in my vault now transferring items out and the signatures I’m giving on the ledger aren’t for connecting it to the payout address, they are for these transfers."

"It’s not sitting right, and I flip over to my vault profile to see all but one Ape are gone. Then it’s gone. Then they’re laughing “ohh, your little monkey pictures go away?? Oh nooo? HAHAHAHA.”"

"OMG. I’m fucked. They transferred everything. All the Apes, the dogs, the cat, the airdrops, all the ETH. They’re in my other account too, so I get in & try to salvage as much as I can, transferring it out to another wallet before it’s all gone. I get a few NFTs, some tokens."

"But 95%+ is gone, off in another wallet, that promptly flips everything to the highest bidders who now don’t realize it but have these stolen NFTs in their wallets that they paid a lot of money for. So now it’s even more complicated."

"It's easy to beat myself up. I was distracted. I wasn’t paying enough attention. I had gotten complacent. I didn’t know this scam was going on and I rarely use Discord. I was told this was the way to get things done. I trusted. I shouldn’t have. BUT THAT'S NOT TRUE."

"I am not at fault here. This should NOT have happened. There should not be an environment that allows this to run rampant. I'm one of many scammed recently. This needs to stop and @OpenSea has a responsibility here to protect their users."

"This is incredibly embarrassing on some levels. On others, incredibly traumatizing. Yes, I opened up the QR code and sign the ledger. But I was being severely manipulated and didn’t realize what was happening until it was too late. I was scammed, phished, robbed."

"Some [people] are going to say “that’s what you get.” And maybe they’re right. But let’s be clear, a scam is a scam, theft is theft, I had no intention of transferring or selling those assets. So now I am trying to find ways to get my property back."

"Don't come from money. Not an art star. Worked my ass off to get here. I have kids, bills to pay. Have busted my ass in the shadows behind clients & have finally found a place where creativity & community are coming together in a powerful way & nothing will scare me away."

"So say what you will, but don’t let it happen to you. I’m starting over. No ETH some NFTs left all the big ones gone. I believe in what we’re doing. We are in the middle of a cultural revolution, BUT it’s the Wild West rn so we ALL have to be careful, & take care of each other."

"It'll be ok. For now, I’m going to let myself be upset too. I need to feel that, but we’ll be shoulder to shoulder building this future together again as soon as I can start rebuilding."

"@telegram is the same..on decentralized apps like @PancakeSwap ask for an admin to solve a problem and see what happens...I did ..in 1 min I got more than 5 dms from scammers. So rry this happened to you. Companies rake in 100 of millions $,they simply don't care about us."

"The crypto goods platform is aware of the phishing attacks and urges the users to only submit support requests via its help center."

"Saddened to hear an OpenSea user was the victim of a significant phishing attack last night. The scammer masquerades as an OpenSea employee and has the user scan a QR code granting wallet access, Please be vigilant and direct support requests through our Help Center/ZenDesk."

OpenSea is one of the largest NFT marketplaces in the world. In August 2021, an OpenSea user fell for an advanced social engineering ploy where the scammers pretended to be an entire OpenSea support team with multiple idle staff on Discord. The end goal of the scam is to get the victim to display their QR code for syncing with Mobile during a screen sharing session, which allows the entire wallet to be created on a mobile device. Once this was done, the scammers are able to recreate the wallet and steal all NFTs he held. While none of the NFTs were returned, some members of the community have provided free NFTs in response to the issue.

@opensea_support Twitter (Mar 10)
How OpenSea took over the NFT trade - The Verge (Mar 10)
Dune Analytics (Mar 10)
https://opensea.io/ (Mar 9)
Meet OpenSea | The NFT marketplace with everything for everyone - YouTube (Mar 9)
https://docs.opensea.io/docs (Mar 9)
https://docs.opensea.io/docs/frequently-asked-questions (Mar 9)
https://opensea.io/about (Mar 9)
Attackers Posing as OpenSea Support Staff Try Stealing Crypto and NFTs (Mar 16)
@_jeffnicholas_ Twitter (Mar 16)
@xbt_0x Twitter (Mar 16)
@natechastain Twitter (Mar 16)
How this Fake OpenSea Support Staff is Hijacking Crypto wallets and NFTs? - Xiarch Solutions Private Limited (Mar 16)
OpenSea users lose pricey NFTs, crypto to fake support staff on Discord (Mar 16)
@_jeffnicholas_ Twitter (Mar 16)
@WARHODL Twitter (Mar 16)
@0n1Force Twitter (Mar 16)
@seanbonner Twitter (Mar 16)
https://coinmarketcap.com/currencies/ethereum/historical-data/ (Dec 21)
@sillytuna Twitter (Mar 16)
@_jeffnicholas_ Twitter (Mar 16)
Fake OpenSea support staff are stealing cryptowallets and NFTs (Mar 16)
@judeaz_ Twitter (Mar 21)
@joncoffey Twitter (Mar 21)
@oneinaneillion Twitter (Mar 21)

More case studies

Luna Yield
Rug Pull

Coinbase Vidovic
Account Sim Swap