OpenSea, the largest NFT marketplace out there, constantly finds itself threatened by notorious cyber actors. A new type of scam is emerging for OpenSea’s visitors, offering ‘no gas sales’ on the platform and ultimately redirecting victims to fraudulent websites. Built on blockchain technology, NFTs are digital collectibles that have financial value and can also be used in metadata. Web3 scammers are known to have infiltrated the NFT sector to profit big from a theft.
Harpie, the anti-theft platform, has issued a warning about this ongoing scam to warn the group OpenSea visitorsBrowse for NFTs, as well as buyers and sellers.
OpenSea has a feature to conduct gas-free sales where NFT seller can help their buyers avoid platform fees by doing it themselves.
As part of a reported ongoing scam, hackers are tricking people into signing an unreadable message. Non-gas NFTs are likely to attract first-time buyer signature requests.
Users can also set up private auctions with custom prices with these unreadable signatures needed to approve gas-free transactions.
“Cheat sites will ask victims to sign an innocuous-looking “login signature” in order to access their site. But this login signature is actually a request to sell your NFT privately for 0 ETH to the hacker’s address,” Harpie wrote in a Twitter post.
The platform also claims that in recent times many ‘Apes’ NFTs, potentially from Bored Apes . Yacht Club collection was stolen from OpenSea.
Hackers were able to steal the NFT like magic using a little-known OpenSea feature. This is the latest hack and millions of Apes have already been lost because of it.
(:topic:1/4) pic.twitter.com/fTK20WQrgh
– Harpie (@harpieio) December 22, 2022
The exact number of NFTs stolen or affected users is yet to be disclosed.
For now, OpenSea has yet to address Harpie’s concerns.
However, this is not the first time that OpenSea has faced a hacking threat.
In February, at least 32 OpenSea users lose their shares worth $1.7 million (approximately Rs. 12.5 crore) for a phishing attack. At the time, the company stated that the attack occurred from outside the website, where attackers lured users into making malicious deals.
In August, OpenSea decided involving police officials in cases of theft of all degrees, rather than only in cases of escalating disputes.
This change is intended to ensure that users are protected against the risks of mistakenly purchasing stolen digital collections.
