OpenSea Discord Compromised, Hackers Promote NFT Fraud
2 min read
The largest marketplace in the non-fungible tokens (NFTs) market, OpenSea, had its Discord server hacked, as reported by the security company PeckShield this Friday (6). After the invasion, the channel started promoting a coup with NFTs in false partnership with YouTube.
#PeckShieldAlert #phishing @opensea discord is exploited, youtubenft[.]art is the phishing site. Do *NOT* fall prey to it! https://t.co/RAcRjEfuub pic.twitter.com/rjqMpTnpjW
— PeckShieldAlert (@PeckShieldAlert) May 6, 2022
The OpenSea team confirmed the hack on their Twitter account. In addition, he asked users not to click on any links made available on the channel:
“We are investigating a potential vulnerability in our Discord. Please do not click on any links on Discord”, tweeted OpenSea.
OpenSea Discord Hack Details
According to screenshots posted by users on Twitter, the attackers created an advertisement on OpenSea’s Discord server informing them of a fake “mint pass” that was being offered in collaboration with YouTube.
So, the hacker directed the group members to go to a website that contained the word YouTube. However, the address was fraudulent and did not match the platform’s official website.
On the fake page was information about a promotion offering the first 100 participants the chance to claim tokens at 100% off.
As PeckShield reported, it was actually a phishing link. That is, an address that impersonates an official website to collect sensitive data from users.
It is not yet known if any users fell victim to the attack or if any NFT was lost.
Journalist and cryptocurrency expert Colin Wu shared a screenshot from OpenSea’s Discord channel.
The official OpenSea Discord was hacked and posted a link to a phishing site in partnership with youtube. On April 1st, a large number of blue-chip NFT DISCORDs were hacked and posted phishing links. pic.twitter.com/uDbNklIgn3
— Wu Blockchain (@WuBlockchain) May 6, 2022
As can be seen, the deceptive link mimics the official website of the platform with the inclusion of “NFT” and “art”.
Similar attacks involving NFTs
This is not, however, the first time that a Discord channel linked to NFTs has been attacked. According reported, at the beginning of April, the channel of the famous Bored Ape Yatch Club (BAYC) collection on Discord was the victim of a similar hack.
With the scam, the fraudsters managed to steal the equivalent of $65,000 worth of ETH from one of the users.
As in the case of the OpenSea Discord hacker, in the case of BAYC, the hackers promoted fake scams involving the minting of NFTs.
OpenSea has also been the victim of other attacks in the recent past. In February of this year, for example, the giant NFT market suffered a hack with losses estimated at US$ 1.7 million. Subsequently, the platform promised to refund all affected users.