The victim of the attackers was artist Jeff Nicholas. He described the way in which criminals gain access to the MetaMask cryptocurrency wallet.
Fraudsters have found a way to steal non-exchangeable tokens (NFTs) and cryptocurrency from users of the OpenSea marketplace, reports Bleeping Computer. According to the publication, attackers on the Discord messenger are encouraging users to go to the "OpenSea Helpdesk" chat room, which is not actually associated with the marketplace.
OpenSea is one of the largest NFT marketplaces that allows you to create your own non-interchangeable tokens and sell them.
Artist Jeff Nicholas approached the scammers for help. The scammers asked Nicholas to turn on a screen demo and then re-sync the MetaMask extension for Google Chrome with the mobile version of the cryptocurrency wallet.
Guys, I just got hacked bad. They wiped my ledger. Impersonators on the OpenSea discord impersonating @natechastain and others. Wiped 4.5 ETH and all of my apes and cats. Fuck.
MetaMask wallet is synchronized with the mobile app using a QR code. The developers of MetaMask warn that the QR code must not be shown to other users, as they can use it to access the wallet.
According to Nicholas, the scammers immediately scanned the QR code and got the access to the wallet. They then took possession of his cryptocurrency and NFT tokens and transferred them to their addresses. Nicholas claims that the fraudsters stole nearly $500k from him as a result of the phishing attack.
Nate Chastain, head of product at OpenSea, commented on the incident. He urged users of the marketplace to be vigilant and to contact only the official OpenSea support centre.