Scammers are a growing problem as the market value of NFTs has grown, with specific projects now being referred "blue chips" because of their high or consistent valuation. The term "scam" has multiple interpretations in the NFT market. It may apply to a project whose team generates millions through making false promises to buyers (a "rug pull" or “slow rugs”), a Twitter giveaway of NFTs that farms retweets and followers to create fake clout. Phishing attacks, or compelling customer support impersonators, lead to the user unknowingly handing over their private key and losing their NFTs to scammers.
A seemingly counterintuitive vulnerability exists in the NFT space, where traders are often well-versed in conventional cybersecurity yet may fall prey to scammers with relative ease. The NFT space has a culture of community and hype; thus, clicking quickly on good deals dominates the socially conscious scams that are the most tempting.
Scammers exploit the same characteristics that make the NFT space more like a close-knit group of friends than a community of independent traders. Customer support scammers' strategies all rely on winning the victim's confidence and getting their NFT wallet private key. This trend is a kind of "social engineering" in which scammers trick victims into dropping their guard because they believe they are communicating with official customer support or prominent community members.
We have previously covered Discord Bot Exploits, Airdrop Trojan Horse NFTs, and related scams in our series on "Common NFT Scams." In this article, we'll talk about impersonation scams involving NFT customer support. We'll review additional safety tips against scammers pretending to be customer support for the NFT marketplaces and platforms.
What is an NFT Customer Support Scam?
NFT customer support scam is a type of social engineering where scammers frequently impersonate real customer support of different NFT marketplaces and platforms to get personal information from unsuspecting NFT owners. Once these scammers gain access to your NFT wallet private key or "seed phrase," they will drain your wallet and steal your NFTs.
NFT customer support scam is common on Discord and Twitter, which hosts many NFT project communities. If you connect to one of these fake customer service providers instead of the legitimate ones, the scammers operating it will try to trick you into giving them access to your personal information so they can "fix" the issue you're experiencing. In contrast, they will use your personal information to access your NFT wallet and steal all your NFT assets by transferring them to their wallets.
In most cases, scammers pretend to be customer support representatives for an NFT marketplace such as OpenSea or Rarible. Usually, such scammers send spam messages to NFT collectors on social media platforms like Discord and Twitter and trick them into revealing their NFT wallet credentials. Sometimes, the scammer will even pretend to assist you before sending you a link to a fake NFT marketplace (phishing site) that prompts you to enter your NFT wallet login details.
OpenSea Customer Support Scam:
In August 2021, Jeff Nicholas – the award-winning creative director and NFT enthusiast, became part of an OpenSea customer support scam on Discord. OpenSea is a well-known NFT marketplace where users can collect, explore and trade NFTs. Jeff Nicholas had a royalty issue with his NFT collections on the NFT marketplace and submitted a customer support ticket for officials to look into the matter. Jeff used ZenDesk to report his OpenSea issue to customer support and received a ticket number.
Jeff Nicholas joined OpenSea’s discord server to expedite the process and sent the ZenDesk ticket number in the server chat. That is where he was engaged in an NFT customer support scam that led to the theft of NFT assets from his wallet. When Jeff sent the ticket number to OpenSea’s discord server, he momentarily received a response from "Pascal | OpenSea," who invited him to join a fake "OpenSea Support Server" on Discord. The scammers impersonated Pascal, the customer assistance lead at OpenSea, and Nate Chastain, the company's head of product at the time. On the fake OpenSea discord server, a user called "Nate | OpenSea," welcomed and assigned him a queue number for "issue resolution."
Customer support scammers ultimately scammed Jeff Nicholas by asking him to visit an OpenSea phishing site, where he entered his secret key in a pop-up prompting him to join his NFT wallet details.
Jeff Nicholas highlighted the OpenSea customer support scam in a Twitter thread. (Source: Twitter)
The scammers spent the next hours emptying Nicholas' wallet of bored apes and other NFTs. Taking advantage of the fact that he had left his screen accessible to them, they could photograph the QR code associated with his private key or "seed phrase" and get stealth access to all his assets. The cost of the NFT theft following this OpenSea customer support scam was nearly 150 ETH, or about $480,000.
What makes Customer Support Scams
Customer support scams like the one performed on Nicholas are among the worst common NFT scams. If a scammer obtains access to a user's private keys, they may use it to transfer their cryptocurrency assets to a different wallet. In the event of a wallet hack, the user must act swiftly to move their most precious assets to a safe wallet. Nicholas's NFTs mysteriously vanished, despite his best efforts to safeguard them with two-factor authentication technology. Scammer misled him into believing he was approving royalty payments.
The Takeaway – How to avoid NFT Customer Support Scams?
The best method to avoid customer support scams in the NFT space is to prevent your exposure to scammers on social media platforms such as Discord and Twitter. Do not enter any discord server through unsolicited invitations or by scanning any QR code. Similarly, block any DM on social media platforms asking you for your NFT wallet seed phrase or secret key.
OpenSea’s tweet after the OpenSea customer support scam. (Source: Twitter)
Always be vigilant and cautious by performing your due diligence when interacting with an NFT platform. Report any malicious behavior to legitimate customer service by submitting a report through ZenDesk.
Limiting your customer support involvement to legitimate NFT marketplaces and their official channels is best practice. Please contact the NFT marketplace's official customer service channels if you have any questions.
Increase your understanding of NFT security and discover similar scams by reading our articles.