New NFT private auction scam threatens OpenSea users

Phishing sites are making the private auction feature look like a way to log in, luring victims to give up their NFTs unknowingly. 1762 Total views 16 Total shares Listen to article 0:00 News Ho-ho-ho! Get Limited Holiday Trait!Collect this article as NFT As nonfungible tokens (NFTs) became more popular, bad actors who constantly try to exploit users within the space have become more active. Now, a new hack involving a feature on the NFT marketplace OpenSea threatens NFT holders through phishing sites.

In an announcement, anti-theft project Harpie warned NFT users of a new hack involving gasless sales on the OpenSea platform. According to Harpie, hackers were able to steal millions in digital assets by exploiting the feature.

When users want to conduct gasless sales within the OpenSea platform, they are required to approve a signature request with an unreadable message. With this feature, users are also able to allowed to create private auctions with unreadable signatures.

Hackers have been able to steal NFTs like magic with a little-known OpenSea feature. It’s the newest hack, and multiple millions in Apes have been lost to it already.

(1/4) pic.twitter.com/fTK20WQrgh Harpie (@harpieio) December 22, 2022

Because of this, phishing websites have been using this feature to ask their victims to sign one of these unreadable messages. According to Harpie, the signatures often pose as a step required to log in and access the website.

However, the login messages are actually signature requests to conduct a private sale of the victims NFTs to the scammer for 0 Ether (ETH). If signed, it will send the NFTs to the hackers wallet address.

Related: Projects would rather get hacked than pay bounties, Web3 developer claims

Apart from this scam, blockchain security company CertiK has also recently issued a warning to the crypto community over what they describe as ice phishing. Through this exploit, scammers trick Web3 users into signing permissions that allow the attackers to spend their tokens. CertiK noted that the scam is a significant threat and is unique to the Web3 world.

Back on Dec. 17, an analyst brought up how a scammer used the gas-less Seaport signature feature to allegedly steal 14 Bored Ape NFTs. After performing thorough social engineering, the hacker directed the victim to a fake NFT platform before asking the holder to sign a contract. This was followed by the victims wallet being drained. #Phishing #Scams #NFT #OpenSea Related News How to get a job in the Metaverse and Web3 How to add unlockable content to your NFT collection Two Bored Apes sell for $1M each: Nifty Newsletter, Nov. 2329 Magic Eden follows OpenSea with NFT royalty enforcement tool Metallica issues crypto scam alert before t72 Seasons album launch