How anybody can steal NFTs from sites like Opensea, Rarible and MetaMask wallets like a pro

Users of the OpenSea digital platform are being targeted by a sophisticated phishing attack that aims at the theft of non-fungible tokens (NFTs) and cryptocurrency. The hackers behind this campaign infiltrate OpenSea’s Discord server posing as support employees, making it easier to trick victims.

As some users may know, OpenSea is the world’s largest digital marketplace, operating as a decentralized platform backed by blockchain technology. This platform specializes in NFTs, a technology with various implementations, mainly digital art.

The attackers were trying to contact OpenSea users to offer them support privately, a tactic similar to other social engineering campaigns, which has proven to be truly useful for stealing sensitive information and login credentials to digital platforms.

The scam mainly targeted new users on OpenSea’s Discord server, who could post a request for help. The hackers monitored the platform to detect these requests as soon as they were published, allowing them to send messages with an invitation to a secondary server called “OpenSea Support”.

Jeff Nicholas, a digital artist who was a victim of the scam, points out that after he joined this fake support server, the hackers asked him to enable screen sharing to resolve his questions. As part of this process, scammers tell the victim that they need to “resynchronize” their MetaMask Chrome extension with the MetaMask mobile app: “Users don’t really know what they mean by those terms, we just end up accepting because we need to solve our problems,” Nicholas adds.

At this point, MetaMask users will follow the Configuration > Advanced > Sync with Mobile sequence of actions. The affected users then enter their password on the page and a QR code appears.

The key to the attack is that anyone who sees this QR code can take a screenshot and then use that image to sync a wallet with their own mobile app, which is exactly what hackers do. The attack is highly dangerous as it only requires tricking the target user and obtaining this code to steal any assets from OpenSea users.

The platform has already been notified and it is expected that threat actors will soon be identified on Discord’s server or other security measures will be taken.
