For the last six days, OpenSea has been getting scammed right under its own eyes, and it has yet to notice, address or acknowledge it; in fact, Twitter has allowed this scam to continue and is clearly distracted by Elon taking over. Scams in this space multiply by the day, but a company failing to address the issue is an entirely different problem, so let us bring it to your attention, OpenSea.
OpenSea’s official username/account is @opensea. For the last six days, scammers have been running a carefully crafted copy of OpenSea’s Twitter account. One significant difference is that OpenSea’s Twitter account has a verified checkmark, proving that Twitter has acknowledged its authenticity through verified sources such as news outlets and mentions around the Internet.
Notice that the scammers' Twitter account is not verified and has a different, though convincing, username.
The first difference is that although the icon is the same, you can see the username is @opensea-updates. Next, as you look at the fake OpenSea Twitter account, you can see that they just started posting about a security update that “needs” addressing immediately, and they have inserted that link into most of their Tweets. If you have MetaMask, it opens up and warns you that the link is a potential phishing link (which it 100% is).
Beginning October 27, 2022, the fake Twitter account announced that a security update needs to be done to protect your NFTs on OpenSea. The phony account looks very legitimate, but remember to check critical details such as the verification marker and whether the websites match. The fake account, which was purchased, has 113,000 followers, so when they posted the scam and provided a phishing link, people did not hesitate to click the link, and they had their NFTs stolen from them.
This is not the first time OpenSea has been in trouble or targeted. In July 2022, OpenSea admitted to having its email database compromised, consisting of over two million unique email addresses and crypto wallets. NFT marketplaces need to increase their security across the board, from KYC/AML to having a social watch team that monitors this kind of malicious activity. In February 2022, OpenSea was hacked, and in one day, the hackers stole over $500k.
So far, thousands of people have fallen for this scam. Some have lost one NFT, and some have had their entire accounts wiped out. This malicious activity has to stop. Two-factor authentication should be mandatory for account verification, and people need to keep their eyes open for little differences between fake sites/accounts and real ones.
These kinds of security vulnerabilities are what will stop blockchain and crypto from reaching mass adoption. Like all news, the negative information gets much more coverage than the positive news, so this is taking zero steps forward and several steps back. OpenSea needs to wake up, see that they are a target and that money/NFTs are actively being stolen, and make an announcement about how this will be amended and addressed at the highest level.
Editor’s Note: NFT Today Magazine did attempt to reach out to Senior Leadership at OpenSea for comment, and as of publication, we still haven’t received a response.
Benjamin Leff is a Writer at NFT Today Magazine. Based in New Orleans, he specializes in business development and VC deal flow. He has been featured in Yahoo Finance and Ticker International News.