Scammers take advantage of unsuspecting people, and we want to help you stay safe in web3. In this article, we’ll highlight some of the most common kinds of scams that our User Safety team encounters.

These examples are scam attempts that we received real user questions about. However, this list is not meant to be comprehensive and users should remain cautious when they encounter suspicious or scam-like activity. We recommend reviewing this article for safety tips to learn how you can protect what you own.

It’s important to keep in mind that while OpenSea has protections in place on our site to minimize visibility of spam and misleading collections, among other kinds of harmful content, we don’t have control over third-party sites. We also don’t have control over the funds and NFTs in your wallet.

The most common places you might encounter a scam are through email, social media DMs, or fake websites. Let’s get started.

Common types of scam emails include fake offer notification emails, “unusual login” alerts, and messages about “errors” or “transaction failures” that ask you to pay to resolve the issue.

You should always look at the sender for emails you receive and check the full email address. Emails that don’t come from the domain “opensea.io” aren’t from us, as in the following examples.

Notice that the sender of this email does not use our domain (opensea.io).

OpenSea doesn’t send transaction failure emails.

In the first email example below, the recipient is invited to email a fake OpenSea support email. Never seek support from OpenSea outside of our Help Center or Discord.

In the second example email, although we can’t see the origin, we again see a "transaction declined” message. This type of image might be sent as a screenshot by a bad actor to an NFT creator, soliciting them to add funds because they have “insufficient ERC-20 Token Gas” on the seller’s account. OpenSea doesn’t send emails like this.

We also see reports of scams that take place over social media.

Don’t trust social media DMs from people you don’t know, especially when they’re claiming to be from OpenSea or are asking you to send funds or click on a suspicious link. OpenSea will not send an unsolicited direct message on social media.

If a “buyer” or another individual reaches out saying they couldn’t purchase or make an offer on your item and displays an error message, chances are it’s a scam. These “buyers” will send an error code, and inform you that you have to send funds to resolve the problem.

OpenSea will not ask you to do this. Legitimate buyers can make a purchase after your item is listed for sale with no intervention from you. If they do experience a bug or error using our site, they can reach out to our support team at support.opensea.io.

This DM is telling the user that a sale has already happened, but they need to “confirm the transaction” in order to receive their payment. This isn’t real:

This DM is encouraging the user to reach out to a fake support email to “activate” their account for selling:

OpenSea will not ask you to scan a QR code to resolve an error or to enable a sale, even if it promises a “secure transaction.”

Be cautious if you receive any message containing a QR code that claims to be from OpenSea. It’s not from us.

All buying and selling using OpenSea’s services happens peer-to-peer, directly between two wallets. You will not be asked to interact with an OpenSea “developer,” “deal” agent, or middleman in order to facilitate a sale or resolve a failed transaction. If you ever need help, contact our support team at support.opensea.io.

This type of scam is especially prevalent in Discord.

You may also encounter a fake OpenSea website when browsing the internet or linked from scam emails or social media messages.

If a website claims to be OpenSea but the URL is not opensea.io, as displayed in the example below, it’s fake. When you’re using OpenSea, always navigate to opensea.io.
​

If you’ve added an email address to your account, OpenSea sends marketing-related messages. Depending on your notification settings, you might also receive emails related to your account and activity, including item sales and successful purchases.

If you’re unsure whether an email from OpenSea is really from us, there are a couple of attributes you can look for.

First, emails from OpenSea always end in our domain (opensea.io), even if the first part of the email (such as newsletter or support) is different. If you’ve received an email from a Gmail account, or another email domain, it’s not from OpenSea.

Second, depending on your device and email client, you’ll also see a checkmark showing that OpenSea’s email is verified in Gmail or “Digitally Certified” in Apple Mail. This shows that we’re the owner of the account.

When you reach out to OpenSea Support in our Help Center, any email replies to your message will come from [email protected].

If you’ve received a phishing email or social media message claiming to be from OpenSea, or you’ve encountered a website that is impersonating OpenSea or using our trademark or logo, please report it to us at support.opensea.io. Select “Safety Concerns → Report harmful content or behavior → Report a phishing attempt.”

You can also report phishing emails directly to your email provider. For example, here are Google's directions on how to report phishing through Gmail.

Finally, you can report social media scam attempts directly to the social media platform where you received them. Here is the link to Discord's Trust & Safety Center, and Instagram's.