CyberCriminals Are At It Again
It brings me absolutely no pleasure to report to you about some recent scams in the world of NFTs. It seems that some users on OpenSea fell prey to the latest scams that left their wallets empty after receiving a “free gift”.
A security research firm by the name of Check Point Software looked into a number of complaints from OpenSea users who said their wallets were empty after spending some time on the OpenSea platform.
For those of you who are unaware, OpenSea is an NFT marketplace where traders from all over the world can buy, sell, and trade NFTs. In exchange for the convenience of the platform and its ability to bring buyers and sellers together, OpenSea gets a cut from every sale. All of that is well and good until everything goes wrong.
To be perfectly honest, the vulnerability was actually quite genius. OpenSea, however, should have explored this style of attack more as the revenue started pouring in. Be that as it may, it has said it has already released some fixes to its site.
The way the scam worked was that users were offered a “Free Gift”. This gift was some kind of NFT. Once the user received the gift and interacted with it, the payload was released and the hackers now had a way to connect to the user’s wallet. They would shoot a little popup over to the victim’s MetaMask and, boom, wait for the unconscious press of the ACCEPT button that sends all of your money to the thief who apparently also stole your heart.
What You Can Do To Stay Safe
There are times when people get hacked and, once you learn the methods used and how careless the user was, you can’t help but feel that it was a lesson they simply needed to learn. Then there are times when the hack is so good, so clean, that it’s almost like a street performer asking you which cup the ball is under. For the latter type, you can’t help but feel bad for them. So, what can YOU do to better protect yourself? This will not be the first, and will absolutely not be the last, time someone tries to steal money.
First things first – Free is always Suspect. Yes, some things can be airdropped but that usually means you signed up somewhere or were staking something already.
Next, pay attention to every notification from your wallet. The wallet won’t sound an alarm and say “You’re Being Robbed”, but it will tell you that you are accepting a transfer of all of your funds to an unknown address.
Whitelist – this is the act of only allowing your wallet to interact with known good addresses. This can be a bit of a pain when it comes to trading but is a decent safeguard to play around with.
Stay in the Know – Things move very quickly in this market and these types of stories break on all platforms. If you hear about a hack, read about it so you can make sure you don’t fall for the same scams.
Disconnect – instead of leaving a tab open with your wallet connected at all times, disconnect your wallet as separation makes this hack impossible.
Diversify your risk – There are many free wallets out there. There is no need to use one wallet for everything you do. You can have a wallet that essentially holds your larger portion of crypto and then another wallet that you use for transactions on sites like OpenSea. This way, if you do get compromised, the pain is much less.
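To make the notification and whitelist tips concrete, here is an added example (not code from OpenSea, MetaMask or Check Point) of the check you are doing in your head before hitting ACCEPT. It assumes the request has the `to`, `value` and `data` fields of an Ethereum transaction; the addresses, the 90% threshold and the function name are made up for illustration.

```javascript
// Added example: review a pending wallet request before it is signed.
// All addresses and the threshold are constructed for illustration.
const ALLOWLIST = new Set([
  "0x" + "11".repeat(20), // constructed: a marketplace contract you trust
  "0x" + "ab".repeat(20), // constructed: your own second wallet
]);
const DRAIN_PERCENT = 90n; // flag transfers of 90% or more of the balance

// tx: { to, value, data } with value as a hex string of wei.
// balanceWei: current wallet balance as a BigInt.
function reviewTransaction(tx, balanceWei, allowlist = ALLOWLIST) {
  const reasons = [];
  // Addresses are compared lowercased so checksum casing cannot dodge the list.
  const to = typeof tx.to === "string" ? tx.to.toLowerCase() : null;
  const value = tx.value ? BigInt(tx.value) : 0n;
  const listed = to !== null && allowlist.has(to);

  if (to === null) {
    reasons.push("no recipient (contract creation)");
  } else if (!/^0x[0-9a-f]{40}$/.test(to)) {
    reasons.push("malformed recipient address");
  } else if (!listed) {
    reasons.push("recipient not on allowlist");
  }
  // Integer math only: value/balance >= DRAIN_PERCENT/100.
  if (balanceWei > 0n && value * 100n >= balanceWei * DRAIN_PERCENT) {
    reasons.push("transfer moves most of the wallet balance");
  }
  // Call data sent to an unlisted address runs code you have not vetted.
  if (tx.data && tx.data !== "0x" && !listed) {
    reasons.push("contract call to unlisted address");
  }
  return { allow: reasons.length === 0, reasons };
}

// Constructed sample input: a wallet holding 2 ETH.
const sampleBalance = 2n * 10n ** 18n;
const giftPrompt = {            // the popup that follows a "free gift"
  to: "0x" + "99".repeat(20),   // constructed unknown address
  value: "0x1bc16d674ec80000",  // 2 ETH, the whole balance
};
const routinePayment = {
  to: "0x" + "AB".repeat(20),   // allowlisted, written in upper case
  value: "0x2386f26fc10000",    // 0.01 ETH
};

console.log(reviewTransaction(giftPrompt, sampleBalance));
console.log(reviewTransaction(routinePayment, sampleBalance));
```

Anything that comes back with `allow: false` is a prompt to reject and look into, not to click through.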