Phishing Campaign Targets NFT Speculators
Scams follow fashion because money follows fashion. So it’s no surprise that non-fungible tokens (NFTs), which have become a hot speculative property, have drawn scam artists for phishing campaigns. They’re not so much interested in the NFTs themselves as they are in the speculators’ cash. OceanSea, a leading NFT marketplace, has responded to panicky tweets from users to reassure them that it’s on top of rumors of “an exploit” connected to the smart contracts traders use.
CoinDesk writes that, “On Twitter, traders shared what they’d initially thought were official OpenSea emails about the migration process from contract A to contract B. ” But the links shared in the emails apparently led to malicious contacts masquerading as part of OceanSea’s contract migration process. Devin Finzer (@dfinzer), OceanSea’s CEO, offered this perspective over Twitter:
“Feb 19, 2022
I know you’re all worried. We’re running an all hands on deck investigation, but I want to take a minute to share the facts as I see them:
As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen.”
“On Twitter, traders shared what they’d initially thought were official OpenSea emails about the migration process from contract A to contract B,” CoinBase explained, adding, “PeckShield, a blockchain security company that audits smart contracts, stated that the rumored exploit was “most likely phishing” – a malicious contract hidden in a disguised link. The company cited that same mass email about the migration process as one of the possible sources of the link.”
Fraud adapts quickly to new conditions and new opportunities, and NFT markets are, of course, not exempt. New-school security awareness training can help users recognize and avoid even novel scams.