There are many reports of random NFTs being distributed to collectors' eth wallets on Opensea, and if the recipient accepts an offer to sell them, or lists them, they apparently verify a MetaMask signature that gives hackers access to drain the victim's wallet. All this occurs without phishing information whatsoever (ERC-721 NFTs, Polygon NFTs), but purely through malicious code in the NFT's smart contract. How is this even possible?
wallets – Scam Analysis: Unsolicited Airdrop NFTs That Drain Wallets – How to Protect Yourself
nftopenseaSecuritysmart-contract-walletswallets
Best Answer
Looks like you have been following Twitter today. The user in question actually had their private keys compromised by a fake OpenSea email spam.
However attack vectors can be launched on smart contracts, so that when you interact with them or approve them they are given access to your wallet. Not sure exactly how it happens but it is through malicious code. Sorry I couldn't give a better answer.