Giveaway DM Takeover Scam Impersonating OpenSea
Criminals use compromised or cloned social accounts to send direct messages to NFT collectors claiming an exclusive OpenSea giveaway has been reserved for them, linking to wallet-drainer sites that drain high-value NFTs on connection.
Part of: Giveaway DM Takeover Scams
Last reviewed: 8 June 2026
High-value NFT collectors are specifically targeted by giveaway DM takeover scams because the potential payoff from draining a single collector's wallet can be substantial. Criminals identify active OpenSea users through on-chain data — accounts holding valuable collections are publicly visible — and send personalised-seeming direct messages claiming they have been selected for an exclusive OpenSea promotion.
The DM may arrive from a compromised account of someone the collector follows, from a cloned account impersonating a well-known NFT figure, or from a freshly created fake OpenSea support account. The 'exclusive' framing creates a sense of privilege rather than urgency, which can lower the victim's guard compared to overtly urgent scams.
The link leads to a wallet-drainer, and connecting through MetaMask or WalletConnect and approving the prompted transaction can transfer all held NFTs and tokens within a single block.
How this scam works on the OpenSea brand
Real OpenSea communications are made through verified official channels. OpenSea does not DM individual collectors about giveaways based on their wallet history, and its team members do not send unsolicited direct messages to offer exclusive drops.
The DM typically reads: 'Hey, the OpenSea team noticed your [collection name] holdings and you have been selected for our Verified Collector programme — claim your exclusive drop here: [link]. This is time-sensitive.' The personalisation — referencing a real collection the victim holds — comes from on-chain data. The urgency ensures the victim acts before fully evaluating the request.
Some campaigns use compromised creator accounts to send the DM, knowing that collectors trust creators they follow. The compromised account's owner may not know their account is being used to distribute the scam.
Common red flags
- A DM claims you have been 'selected' for an exclusive OpenSea drop based on your holdings — OpenSea does not identify collectors this way
- The link in the DM leads to a site that is not opensea.io
- Connecting a wallet and approving the prompted transaction shows unusual or broad permissions
- The DM arrives from an account that was recently created or has an unusually small following for a supposed OpenSea representative
- The claimed promotion cannot be verified on opensea.io/blog or the verified @opensea social accounts
- The message came from someone you follow whose account may have been compromised
How to protect yourself
- Never click a wallet-connect link that arrives via DM, even from accounts you follow
- Verify any OpenSea promotion at opensea.io/blog through your own browser bookmark
- Use a separate burner wallet with minimal holdings for any wallet-connect interaction you cannot fully verify
- Alert the sender if their account may have been compromised — they should secure it immediately
- Revoke any approvals granted to unfamiliar contracts at revoke.cash
- Report the DM and the drainer URL to OpenSea and to the platform's trust and safety team
How to report it
- Report the impersonating account and phishing link to the social-media platform
- Report to OpenSea at [email protected]
- Submit the malicious URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish/
- File a report with the FTC at reportfraud.ftc.gov
- Report to IC3.gov (US) or Action Fraud 0300 123 2040 (UK)
Frequently asked questions
Does OpenSea select collectors for exclusive drops based on their wallet?
OpenSea does not identify collectors through on-chain data and send them unsolicited DMs about exclusive promotions. Any such message is a scam. Official OpenSea drops and programmes are announced publicly on opensea.io.
How do I know if an account that DMed me has been compromised?
If the DM is out of character for someone you follow — for example, an artist suddenly promoting a generic OpenSea giveaway — contact them through another channel (email, Discord, or a phone call) to check whether their account was hacked before dismissing or reporting the message.
What if I connected my wallet but did not approve any transaction?
Simply connecting a wallet (without signing a transaction) does not give a dApp any ability to transfer your tokens. You are likely safe. Review any pending approval prompts in your wallet, decline them without signing, and disconnect from the dApp in your MetaMask connected sites settings.