Once again, scammers test the security of the blockchain with another phishing attempt on the Web3 community. A suspicious address attempting to mask itself as an official BAYC affiliated address sent multiple fake NFT land packages under the BAYC developer contract to various blue-chip holders and Web3 influencers by exploiting a suspected bug inside OpenSea.
OpenSea Bug Exploits
The code inside the NFT supposedly can initiate transfers regardless of wallet ownership. However, as users become more experienced inside Web3, surprise NFTs by phishing attempts send more of a red flag than they used to. In comparison, a review of the phishing address below shows the true intentions of the scammers.
By reviewing recent transactions, the address in question pulls the scam NFTs (Red) from the BAYC contract (Blue) in an attempt to disguise themselves as a legit source. The bogus NFTs are then sent to various wallets (Green) in an effort to steal their assets. However, by examining the address that initiated the transactions (Yellow), it does not match the BAYC contract (Blue). Therefore, the phony NFTs bears no relation to the BAYC community.
As scams inside Defi continue to rise, Opensea attempts to combat bug exploits & the wave of scammers. By partnering with communication platforms such as Metalink, Opensea offers clients “advanced” customer support by utilizing Web3 technology.
While scams primarily target wallets with significant assets, every user can become a victim of phishing attacks. Safety inside Web3 is a priority; while users combat scammers in different ways, having multifactor authentications and hardware wallets remain at the top of the list for Web3 browsing.
“As we want to interact more fully with the NFT ecosystem. – Our goal is to provide you with a direct line of communication with OpenSea so that you may get support, provide comments, receive updates, and provide any other information that would help us better serve you.” – Stevey Tromberg OpenSea’s head of the community.