OpenSea Impersonation Scams
Scammers impersonate OpenSea with fake NFT offers and phishing emails that trigger malicious wallet approval transactions. OpenSea will never ask you to sign a transaction to 'verify' your account.
Last reviewed: 1 June 2026
OpenSea is a leading NFT marketplace, and its users are targeted by fraudsters who combine the brand's familiarity with the complexity of crypto wallet interactions. A common attack involves an email claiming a sale offer has been made on one of your NFTs, with a link to a fake OpenSea page that prompts a wallet-draining approval signature.
The deception works because genuine marketplace transactions require signatures — but a malicious signature can grant an attacker permission to transfer all assets in your wallet. Understanding what genuine OpenSea pages look like is critical before approving anything.
How scammers impersonate it
- Sending emails with fake sale or bid notifications that link to phishing pages
- Creating clone sites at domains like 'opensea-nft.io' or 'opensea-marketplace.com'
- Offering free 'exclusive NFT drops' that require wallet connection to a malicious site
- Messaging collectors on Discord claiming to be OpenSea staff requesting wallet verification
- Running fake customer support on Twitter/X using the OpenSea name and logo
What the real organisation never does
- Ask you to sign a wallet transaction to verify your account or identity
- Offer exclusive NFT drops that require connecting to a third-party site
- Send support via Discord or Twitter direct messages asking for wallet details
- Request your seed phrase or private key for any reason
Common red flags
- Email notification with a link to a domain other than opensea.io
- Wallet approval request for a contract you do not recognise
- Unsolicited NFT 'gift' requiring you to visit an external link to claim it
- Discord DM from someone claiming to be OpenSea staff
- Bid or offer notifications that do not appear in your real OpenSea account
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Email: 'Congratulations! You have received an offer of [amount] ETH for your NFT. Accept it here: [fake link].'
Discord DM: 'OpenSea is giving verified collectors a free mint. Connect your wallet at [malicious site] to claim.'
How to verify
- Always navigate to opensea.io directly — never follow email links to sign transactions
- Review every wallet approval request carefully — check what token permissions you are granting
- Use a tool like Revoke.cash to audit and revoke suspicious wallet approvals
- Verify any sale activity only inside your real OpenSea account dashboard
What to do if you're targeted
- If you signed a malicious transaction, revoke the approval immediately via Revoke.cash or Etherscan
- Transfer remaining assets to a new wallet address
- Report the phishing site to OpenSea via their official support channel
Frequently asked questions
I clicked a link and connected my wallet — am I compromised?
Connecting your wallet alone is generally not dangerous, but if you signed an approval transaction, you may have granted the attacker permission to transfer your assets. Use Revoke.cash immediately to audit and remove any suspicious approvals.