Scam artists swindle NFTs worth 'millions' in OpenSea phishing attack

Scam artists have taken advantage of a contract migration initiative to swindle NFTs out of users in an opportunistic phishing attack.

Last week, NFT marketplace OpenSea announced the rollout of contract migrations and an upgrade to make sure inactive, old NFT listings on Ethereum expire safely and to allow OpenSea to “offer new safety features in the future.”

The contract migration timeline was set from February 18 to February 25. 

NFT holders are required to make the change and OpenSea published a guide to assist them. After the deadline, any listings that were not migrated would expire, although they could be re-listed after this window without further fees. 

However, an attacker saw an opportunity to cash in. Check Point Research has suggested that phishing emails were sent to users, linking them to fraudulent websites.

“Some hackers took advantage of the upgrade process and decided to scam NFT users by using the same email from OpenSea and resending it to the OpenSea victims,” the researchers said.

Marketplace users were reportedly urged to click a link and sign a malicious transaction that was crafted to look like a legitimate OpenSea request. 

According to the researchers, the attacker created their contract

Read More: