OpenSea Fake Support Accounts
OpenSea is one of the largest NFT marketplaces in the world. In August 2021, an OpenSea user fell for an advanced social engineering ploy in which the scammers pretended to be an entire OpenSea support team, with multiple idle staff, on Discord. The end goal of the scam was to get the victim to display their QR code for syncing with mobile during a screen sharing session, which allows the entire wallet to be created on a mobile device. Once this was done, the scammers were able to recreate the wallet and steal all the NFTs he held. While none of the NFTs were returned, some members of the community have provided free NFTs in response to the issue.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25]
About OpenSea
"The world’s first and largest digital marketplace for crypto collectibles and non-fungible tokens (NFTs). Buy, sell, and discover exclusive digital items." "Discover, collect, and sell extraordinary NFTs. OpenSea is the world's first and largest NFT marketplace."
"As the first and largest marketplace for Non-Fungible Tokens and Semi-Fungible Tokens, OpenSea provides a first-in-class developer platform consisting of an API, SDK, and developer tutorials. Feel free to browse around and get acclimated with developing smart contracts and interacting with NFT data."
"Fascinated by the [CryptoKitties] movement that was forming, Devin Finzer and Alex Atallah joined early adopter communities in Discord and started talking to users. With the OpenSea beta launch in December 2017, the first open marketplace for any non-fungible token on the Ethereum blockchain was born."
"Valued at $13 billion in a recent funding round, OpenSea has become one of the most valuable companies of the NFT boom, providing a simple interface for users to list, browse, and bid on tokens without interacting directly with the blockchain."
"[C]ybercriminals have been hiding in the platform’s Discord server posing as authentic OpenSea employees who offer assistance for the website."
"According to BleepingComputer, the impostor’s “help” results in users losing NFT collectibles and cryptocurrency that are kept in the target’s MetaMask wallets."
"The way the scam works is that when an OpenSea user needs help they can request assistance via the website’s Discord server or at the help center. As soon as this happens the threat actors begin messaging the user sending invitations to a false OpenSea Support server in order to get the help they need."
"One of the impacted individuals is Jeff Nicholas who was asked by the attackers to activate the screen share function in order to receive assistance with his problem."
"Lots of grooming, “working through the issue” pulling you in. Then ask you to screen share so they can see what you are seeing."
"Say you need to resync your MM and at this point you're sort of sucked into fixing this thing whatever it is. Pull up the QR code and it immediately says “synced” (because they scanned it). So then they basically have your seed phrase (without actually having it)."
"It is important to be aware of the fact that anyone who has the QR code can take a screenshot of it and then use it to synchronize one’s wallet into their mobile apps."
"So this is why the cybercriminals are putting so much effort into convincing their victims to screen share. Scanning the QR code on their device gives the hackers posing as support representatives complete access to the crypto goods saved within it."
“Say you require to resync your MM and at this point you're sort of sticked in to fixing this thing whatever it is. Pull up QR code and it immediately says “synced” (because they scanned it). So then they basically have your seed phrase (without actually having it),” explained Nicholas.
"To synch your mobile MetaMask wallet with your Chrome extension, it is the potential to go to Settings and click on Advanced then tap Sync with mobile. You will be prompted to enter your password on this page, and a QR code will be displayed."
"The Mobile MetaMask Application can scan this QR Code to sync and import your Chrome wallet automatically. However, any user who sees this QR code, consisting of the fake support reps, can create a screenshot and then utilize that image to sync your wallet into their mobile applications."
"When the fake support representatives scanned the QR code on their mobile application, they now had full access to the cryptocurrency and any NFT collectibles preserved within it. The threat actors then transmit the victims to their wallets."
"Guys, I just got [scammed] bad. They wiped my ledger. Impersonators on the OpenSea discord impersonating @natechastain and others. Wiped 4.5 ETH and all of my apes and cats."
"Today has been rough. While I’m currently feeling a little better, I want to get in front of this & explain what happened last night as a cautionary tale for anyone - whether noob or seasoned vet - because I believe this can happen to anyone if ur guard is down like mine was."
"Yes, I was scammed. I took the bait. I blindly did some of the things we all say not to do over and over again, and part of me is really ashamed of that. But at this same time, this wasn’t as clear as it might seem from the outside."
"Have been having issues w royalty payouts on @OpenSea collections. Last payout was 7/11, & they are supposed to come at the latest monthly. So Sun 8/22, 11 days after I should have received them, I asked @natechastain about it. He said submit a ticket so the team can check."
"I did. Through ZenDesk. Monday PM rolled around & was impatient. Had seen lots of tweets/info from OpenSea & other artists/collectors I trust saying easiest way to get things dealt w is to bring the ZenDesk ticket# into Discord & one of the OS mods/customer support can expedite."
"So I dropped the ticket # in the support channel where I saw what looked like an OpenSea employee with “| OpenSea” in their name answering questions. Acknowledged me in a now deleted post, said he’d check it out & be right with me, & then next thing I know I have a DM."
"My DMs were off for this server. So if we were discussing in the channel, and now he’s popping up in my DMs, he must be admin/mod status is what I’m thinking, so this is ok. (I have no idea how that happened still.)"
"I get a link to an “OpenSea Support” server. I go there to find what I think is this rep, Nate, and some other “| OpenSea” employees looking busy, seemingly working on other issues in hidden channels. I have a channel to myself."
"Long story short is these guys are good at what they do. Lots of little red flags, like Nate constantly typing “my guy” which didn’t feel right AT ALL, but I was distracted. Kids needed to be picked up, fed, put to bed, wrapping up work stuff, engaging w the community."
"Real “on one” kind of day so I was going back and forth."
"This thing starts stretching out FOREVER. They can’t fix it. Of course they can’t, they aren’t doing shit - they are scammers. Say they are getting a "lead dev" & ask me to join a voice chat w screen share to diagnose."
"But, it was enough of a ruse that they had me in their social engineering shit, just going through the motions to fix this so I can move on with my life. It’s such a small amount of royalties I’m like fuck is this even worth it? (Clearly it wasn’t)"
"One thing leads to another & they want me to “Resync” my MetaMask wallet. It’s an issue w the wallet they say. So I somehow blindly ignore the warning in “Settings” & load up the QR code. Moments later, it says “Synced” & they say great! We’re all good. (They've now scanned it)"
"It isn’t all good. It doesn’t work. Payouts still “Pending.” An issue w MetaMask, need to connect another wallet to it. Doesn’t make sense & it all gets very confusing but this is support & we’ve been doing this so long now & I’m tired af so I just grab my ledger & use that."
"Same thing, QR code, Synced, still doesn’t work. Of course. So, oh! That’s why it doesn’t work, it’s a ledger and I have to sign for the changes by pressing the two buttons and hadn’t done that, so sign for the changes with the two buttons."
"(In fact you don’t have to do this, but I wasn’t clear on every little nuance of what does/doesn’t require a signature, it’s haphazard across Web3). All this time I’m screen sharing, so it’s sleight of hand and obfuscation."
"We’re working in one account, while they’re over in my vault now transferring items out and the signatures I’m giving on the ledger aren’t for connecting it to the payout address, they are for these transfers."
"It’s not sitting right, and I flip over to my vault profile to see all but one Ape are gone. Then it’s gone. Then they’re laughing “ohh, your little monkey pictures go away?? Oh nooo? HAHAHAHA.”"
"OMG. I’m fucked. They transferred everything. All the Apes, the dogs, the cat, the airdrops, all the ETH. They’re in my other account too, so I get in & try to salvage as much as I can, transferring it out to another wallet before it’s all gone. I get a few NFTs, some tokens."
"But 95%+ is gone, off in another wallet, that promptly flips everything to the highest bidders who now don’t realize it but have these stolen NFTs in their wallets that they paid a lot of money for. So now it’s even more complicated."
"It's easy to beat myself up. I was distracted. I wasn’t paying enough attention. I had gotten complacent. I didn’t know this scam was going on and I rarely use Discord. I was told this was the way to get things done. I trusted. I shouldn’t have. BUT THAT'S NOT TRUE."
"I am not at fault here. This should NOT have happened. There should not be an environment that allows this to run rampant. I'm one of many scammed recently. This needs to stop and @OpenSea has a responsibility here to protect their users."
"This is incredibly embarrassing on some levels. On others, incredibly traumatizing. Yes, I opened up the QR code and signed the ledger. But I was being severely manipulated and didn’t realize what was happening until it was too late. I was scammed, phished, robbed."
"Some [people] are going to say “that’s what you get.” And maybe they’re right. But let’s be clear, a scam is a scam, theft is theft, I had no intention of transferring or selling those assets. So now I am trying to find ways to get my property back."
"Don't come from money. Not an art star. Worked my ass off to get here. I have kids, bills to pay. Have busted my ass in the shadows behind clients & have finally found a place where creativity & community are coming together in a powerful way & nothing will scare me away."
"So say what you will, but don’t let it happen to you. I’m starting over. No ETH some NFTs left all the big ones gone. I believe in what we’re doing. We are in the middle of a cultural revolution, BUT it’s the Wild West rn so we ALL have to be careful, & take care of each other."
"It'll be ok. For now, I’m going to let myself be upset too. I need to feel that, but we’ll be shoulder to shoulder building this future together again as soon as I can start rebuilding."
"@telegram is the same... on decentralized apps like @PancakeSwap ask for an admin to solve a problem and see what happens... I did... in 1 min I got more than 5 dms from scammers. Sorry this happened to you. Companies rake in 100 of millions $, they simply don't care about us."
"The crypto goods platform is aware of the phishing attacks and urges the users to only submit support requests via its help center."
"Saddened to hear an OpenSea user was the victim of a significant phishing attack last night. The scammer masquerades as an OpenSea employee and has the user scan a QR code granting wallet access. Please be vigilant and direct support requests through our Help Center/ZenDesk."
What Happened
Date | Event | Description |
---|---|---|
August 23rd, 2021 11:58:00 PM MDT | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Total Amount Lost
The total amount lost has been estimated at $15,000 USD.
Total Amount Recovered
The total amount recovered is unknown.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- @opensea_support Twitter (Mar 10, 2022)
- How OpenSea took over the NFT trade - The Verge (Mar 10, 2022)
- Dune Analytics (Mar 10, 2022)
- https://opensea.io/ (Mar 9, 2022)
- Meet OpenSea | The NFT marketplace with everything for everyone - YouTube (Mar 9, 2022)
- https://docs.opensea.io/docs (Mar 9, 2022)
- https://docs.opensea.io/docs/frequently-asked-questions (Mar 9, 2022)
- https://opensea.io/about (Mar 9, 2022)
- Attackers Posing as OpenSea Support Staff Try Stealing Crypto and NFTs (Mar 16, 2022)
- @_jeffnicholas_ Twitter (Mar 16, 2022)
- @xbt_0x Twitter (Mar 16, 2022)
- @natechastain Twitter (Mar 16, 2022)
- How this Fake OpenSea Support Staff is Hijacking Crypto wallets and NFTs? - Xiarch Solutions Private Limited (Mar 16, 2022)
- OpenSea users lose pricey NFTs, crypto to fake support staff on Discord (Mar 16, 2022)
- @_jeffnicholas_ Twitter (Mar 16, 2022)
- @WARHODL Twitter (Mar 16, 2022)
- @0n1Force Twitter (Mar 16, 2022)
- @seanbonner Twitter (Mar 16, 2022)
- https://coinmarketcap.com/currencies/ethereum/historical-data/ (Dec 21, 2021)
- @sillytuna Twitter (Mar 16, 2022)
- @_jeffnicholas_ Twitter (Mar 16, 2022)
- Fake OpenSea support staff are stealing cryptowallets and NFTs (Mar 16, 2022)
- @judeaz_ Twitter (Mar 21, 2022)
- @joncoffey Twitter (Mar 21, 2022)
- @oneinaneillion Twitter (Mar 21, 2022)