Fake OpenSea Royalty or Creator Payment Signature Scams
Scammers target NFT creators with fake OpenSea creator-payment or royalty-update requests that contain malicious EIP-712 parameters. Legitimate OpenSea royalty settings are managed through the creator dashboard at opensea.io — no signature is needed via email or DM.
Part of: Ice Phishing and EIP-712 Signature Scams
Last reviewed: 7 June 2026
NFT creators who sell work on OpenSea earn royalties — a percentage of secondary sales that is paid automatically by the Seaport protocol when configured correctly in the collection settings. Scammers have developed attacks specifically targeting creators, knowing they may have both NFTs and ETH in their wallets and may be less familiar than traders with the technical details of signature requests.
Fake OpenSea creator-payment scams arrive as emails or DMs claiming that a royalty payout is pending but requires a signature to 'authorize the transfer' or 'update payment address.' The signature request contains hidden malicious parameters that grant approval over the creator's assets rather than authorizing a payment.
OpenSea's royalty and creator settings are managed through the collection editor at opensea.io. Royalty payments are handled automatically by the Seaport protocol based on on-chain collection parameters — no outbound signature from the creator is needed to receive royalties.
How this scam works on the OpenSea brand
An email claims that an OpenSea royalty payment of a specific ETH amount is waiting to be claimed, and that the creator must sign a message to authorize the transfer to their wallet. The MetaMask signature window that appears contains parameters for a broad token approval or a Seaport order transferring assets out rather than in.
A Discord DM from a fake OpenSea community manager tells a creator that their royalty address needs to be verified following 'OpenSea's new creator verification process.' The creator is directed to a site where signing the 'verification message' actually grants a drainer contract access to their holdings.
OpenSea royalties are paid automatically to the address set in collection settings. Creators receive royalties in their wallet without any signature action on their part. If royalty settings need updating, this is done by logging into opensea.io with the creator's wallet and editing the collection directly — no email link or DM flow is involved.
Common red flags
- An email or DM claiming a pending OpenSea royalty payment requires a wallet signature
- A 'creator verification' or 'royalty address update' request from any channel other than opensea.io
- A MetaMask signature request from a non-opensea.io domain related to creator payments
- An OpenSea 'community manager' on Discord offering to process royalty payouts via a link
- A signature window showing outbound token approvals framed as an 'incoming payment authorization'
- Urgency language: 'Your royalty payment expires in 24 hours if not claimed'
How to protect yourself
- Manage all royalty and collection settings directly at opensea.io — never via email links or DMs
- Understand that receiving royalties requires no active signature — they arrive automatically
- Carefully read every MetaMask signature request before signing, especially when told it relates to incoming payments
- Report any creator-payment DM from a supposed OpenSea representative to support.opensea.io
- Use a hardware wallet as the signing layer for your creator/admin wallet
How to report it
- Report to OpenSea at support.opensea.io
- Report impersonating Discord accounts to Discord's Trust and Safety team
- Report to IC3.gov (US) or Action Fraud (UK)
- Submit phishing domains to Google Safe Browsing
Frequently asked questions
Do I need to sign anything to receive OpenSea royalties?
No. OpenSea royalties are paid automatically by the Seaport protocol to the royalty address set in your collection settings. No outbound signature or claim action is needed to receive them.
How do I update my royalty address on OpenSea?
Log into opensea.io with the creator wallet, navigate to your collection settings, and update the creator earnings address there. No email link, DM, or third-party site is involved in this process.
What should I check before signing any OpenSea-related message?
Verify you are on opensea.io in your browser address bar. Read the full MetaMask message, including the contract address and all parameters. Any request you approve should show the specific asset and a price you set; outbound approval requests for tokens or NFTs from sites you did not navigate to directly are red flags.
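What "read all parameters" means in practice, as an added example (not code from OpenSea, MetaMask or this page): a checker that takes the EIP-712 JSON a site passes to the wallet and reports what it lets others do with the signer's assets. It covers only the EIP-2612 Permit and Seaport OrderComponents shapes; the function name, addresses and sample payload are constructed for illustration.

```javascript
// Added example: classify an EIP-712 payload (the JSON a dapp hands to
// eth_signTypedData_v4) by what it lets others do with the signer's assets.
const MAX_UINT256 = (1n << 256n) - 1n;
const same = (a, b) => String(a).toLowerCase() === String(b).toLowerCase();

// Hypothetical helper name; returns an array of human-readable findings.
function assessTypedData(typedData, signer) {
  const { primaryType, domain = {}, message = {} } = typedData;
  const findings = [];

  if (primaryType === "Permit") {
    // EIP-2612: the signer (owner) grants `spender` an ERC-20 allowance.
    const unlimited = BigInt(message.value) === MAX_UINT256;
    findings.push(`token approval: spender ${message.spender} may move ` +
      `${unlimited ? "an UNLIMITED amount" : message.value} of token ${domain.verifyingContract}`);
  } else if (primaryType === "OrderComponents") {
    // Seaport: `offer` is what the signer gives up; `consideration` is what is
    // paid out, and only items whose recipient is the signer come back to them.
    const offer = message.offer || [];
    const incoming = (message.consideration || [])
      .filter((c) => same(c.recipient, signer))
      .reduce((sum, c) => sum + BigInt(c.startAmount), 0n);
    if (offer.length > 0) {
      findings.push(`outbound order: signer offers ${offer.length} item(s)`);
    }
    if (offer.length > 0 && incoming === 0n) {
      findings.push("signer receives nothing in return");
    }
  } else {
    findings.push(`unrecognised primaryType ${primaryType}: read every field`);
  }
  return findings;
}

// Constructed sample: a "royalty claim" that is really an outbound Seaport
// order. All addresses are placeholders, not real contracts or wallets.
const SIGNER = "0x" + "a".repeat(40);
const OTHER_PARTY = "0x" + "b".repeat(40);
const fakeRoyaltyClaim = {
  primaryType: "OrderComponents",
  domain: { name: "Seaport", chainId: 1, verifyingContract: "0x" + "c".repeat(40) },
  message: {
    offerer: SIGNER,
    offer: [{ itemType: 2, token: "0x" + "d".repeat(40), identifierOrCriteria: "1", startAmount: "1", endAmount: "1" }],
    consideration: [{ itemType: 0, token: "0x" + "0".repeat(40), identifierOrCriteria: "0", startAmount: "1", endAmount: "1", recipient: OTHER_PARTY }],
  },
};
console.log(assessTypedData(fakeRoyaltyClaim, SIGNER));
```

Any finding at all contradicts the "incoming payment" framing, because receiving royalties requires no signature.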