A recent example of an alleged NFT scam on OpenSea

This Twitter thread is well worth a read. It is both educational and frightening.

How was this person hacked and scammed out of their ETH NFT's and Crypto?

On the surface, it looks like the victim accepted an anonymous NFT airdrop on OpenSea (rather than ignoring it) subsequently believing that their wallet was emptied.

AJ

@babbler_dabbler

Just got hacked. @opensea @MetaMask @MetaMaskSupport

Lost @hirst_official’s The Currency, @SHL0MS shards, @artblocks_io Factory pieces, @tinyblocksart Quadrum, @ApeDao_ Remix pieces!
Probably the only mistake I did was moving the trash NFT’s being sent to my account. FML. #nft

16:17 PM - 20 Sep 2021

However, more responses are being to suggest that it was a phishing hack where the victim may have previously entered their seed phrases into a phishing site :(

foobar

@0xfoobar

This is a basic private key compromise, nothing more.

Here is the tx sending WETH from the victim's wallet to the hacker's wallet. Note that the EOA initiating it is the victim. No smart contract black magic, just somebody who probably entered a seed phrase into a phishing site. twitter.com/babbler_dabble…

21:25 PM - 20 Sep 2021

AJ @babbler_dabbler

Just got hacked. @opensea @MetaMask @MetaMaskSupport Lost @hirst_official’s The Currency, @SHL0MS shards, @artblocks_io Factory pieces, @tinyblocksart Quadrum, @ApeDao_ Remix pieces! Probably the only mistake I did was moving the trash NFT’s being sent to my account. FML. #nft

Or that the transaction had somehow been signed with the victims private key, meaning it became compromised.

foobar

@0xfoobar

@Oussz Nope. I'm saying that the transaction was signed with his pk, therefore the pk is compromised

22:21 PM - 20 Sep 2021

A few reminders:

1. Never open a link in your email from a market place to trade, always just do it direct and clean from your secure browser.

2. Never open a link your email from anywhere related to crypto, always go direct from your secure browser.

3. Do not under any circumstances share your private keys or seed phrases with anyone, regardless of the scenario or whats on offer.

4. Don't interact with an a free NFT drop in any of the market places.

It looks like OpenSea have a lot more work to do to educate their community....