By making the private auction option look like a login method, phishing websites trick people into giving away their NFTs.
As nonfungible tokens (NFTs) have become more popular, bad actors who try to take advantage of people in the ecosystem have become more active. NFT holders are currently at risk because phishing websites are being used to abuse a feature of the NFT marketplace OpenSea.
The anti-theft project Harpie warned NFT users about a new attack that abuses gasless sales on the OpenSea platform. Harpie says that hackers were able to steal millions of dollars worth of digital assets by using the feature.
To make gasless sales on the OpenSea platform, users must approve a signature request whose message they cannot read. Users can also use this feature to create private auctions, again with signatures that are unreadable.
Because of this, phishing websites have been asking their victims to sign one of these unreadable messages. Harpie says that the signature is often presented as a step that must be completed to log in and access the website.
The supposed login messages, however, are really signature requests for the victim to sell their NFTs privately to the scammer for 0 ETH. If the request is signed, the NFTs are sent to the hacker’s wallet address.
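The check a wallet or browser extension could run before showing such a prompt is sketched below as an added example, not code from Harpie, OpenSea or the original article. It assumes the request arrives as EIP-712 typed data with Seaport-style order fields (`offerer`, `offer`, `consideration`, `itemType`, `startAmount`, `recipient`), which the article does not specify; the function name, addresses and token id are constructed.

```javascript
// Added example; all addresses and token ids below are constructed placeholders.
// Assumption: the request is EIP-712 typed data with Seaport-style order fields
// (offerer, offer, consideration, itemType, startAmount, recipient).
const NFT_ITEM_TYPES = new Set([2, 3]); // assumed: 2 = ERC-721, 3 = ERC-1155

function assessSignRequest(method, payload) {
  // A real login prompt is normally readable text, not a typed-data order.
  if (method === "personal_sign") {
    return { verdict: "text-message", paidToSigner: null, reasons: ["readable text; review it"] };
  }
  const typed = typeof payload === "string" ? JSON.parse(payload) : payload;
  const msg = (typed && typed.message) || {};
  const offer = Array.isArray(msg.offer) ? msg.offer : [];
  const consideration = Array.isArray(msg.consideration) ? msg.consideration : [];

  const nfts = offer.filter((i) => NFT_ITEM_TYPES.has(Number(i.itemType)));
  if (nfts.length === 0) return { verdict: "not-an-nft-order", paidToSigner: null, reasons: [] };
  const reasons = [`signature offers ${nfts.length} NFT(s) held by ${msg.offerer}`];

  // Payment the signer would receive: currency items whose recipient is the signer.
  const signer = String(msg.offerer).toLowerCase();
  const paid = consideration
    .filter((c) => !NFT_ITEM_TYPES.has(Number(c.itemType)))
    .filter((c) => String(c.recipient).toLowerCase() === signer)
    .reduce((sum, c) => sum + BigInt(c.startAmount ?? 0), 0n);

  if (paid === 0n) reasons.push("signer receives 0 in return: treat as a drain, not a login");
  return { verdict: paid === 0n ? "block" : "review-sale", paidToSigner: paid, reasons };
}

// Constructed sample: a "login" prompt that is really a 0 ETH private sale.
const SIGNER = "0x" + "11".repeat(20);
const OTHER = "0x" + "22".repeat(20);
const SAMPLE_REQUEST = {
  primaryType: "OrderComponents",
  message: {
    offerer: SIGNER,
    offer: [{ itemType: 2, token: "0x" + "aa".repeat(20), identifierOrCriteria: "1234", startAmount: "1" }],
    consideration: [{ itemType: 0, token: "0x" + "00".repeat(20), startAmount: "0", recipient: OTHER }],
  },
};

console.log(assessSignRequest("eth_signTypedData_v4", SAMPLE_REQUEST));
```

The verdict is only as good as the decoded fields, so a request whose layout does not match the assumed one should be shown to the user as unrecognized rather than passed as safe.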
In addition to this fraud, CertiK, a blockchain security company, recently warned the cryptocurrency community about something it calls “ice phishing”. In this scheme, con artists get Web3 users to sign permissions that let the attackers use their tokens. CertiK says that the scam is unique to the Web3 industry and is a very serious threat.