Scammers exploit OpenSea users with the new gasless private auction feature

Attackers have found a new loophole to steal NFTs from OpenSea users through phishing websites. Harpie, an on-chain firewall and analyst, reports on multiple Bored Apes worth millions of dollars stolen through it.

The world’s biggest marketplace recently introduced a private auction feature with an unreadable signature message, allowing users to sell their NFTs without paying for gas. However, this feature is causing much greater loss to users due to phishing attacks.

Since this auction shows unreadable messages, the users sign on to the website, thinking it is a login method and without double-checking whether it’s legit or not. According to Harpie, the signature on phishing links is actually a private sale to transfer NFTs for 0 ETH to the attacker’s wallet.

OpenSea hasn’t addressed the issue yet, so users are required to take their own safety measures to prevent them from becoming victims of this raid.

There has been a rising concern over NFT scams and attacks. Recently, a scammer used 1-month of social engineering to manipulate Bored Ape owners and managed to steal 14 NFTs.

As the popularity of NFTs rise, scams are also becoming more complex; therefore, there’s a dire need for regulation and safety.

• About author
• Disclaimer

news room

Keep up with latest news and announcements in Web3 world with NFTStudio24, Japan's first media platform built on blockchain technology revolutionizing the age of news and reporting.

The content provided here is for general informational purposes only. It should not be considered as professional advice. Any actions taken based on this information are at your own risk. We do not assume any responsibility or liability for the accuracy, completeness, or suitability of the information. Always consult with a qualified professional for specific advice related to your circumstances.