OpenSea Discord Server Hacked, Users Warned to Be Vigilant of Phishing Scams


Non-fungible token (NFT) market OpenSea suffered a server breach on its main Discord channel, with hackers posting fake “YouTube partnership” ads.

A screenshot shared Friday shows the fake collaboration news, along with a link to a phishing site. The official OpenSea Support Twitter account tweeted that the market’s Discord server was hacked on Friday morning and warned users not to click on links in the channel.

The hacker’s initial message, posted on the announcements channel, claimed that OpenSea had “partnered with YouTube to bring their community into the NFT space.” free.

It appears the intruder may have remained on the server for a considerable amount of time before OpenSea staff were able to regain control. In an attempt to create ‘fear of missing out’ among victims, the hacker managed to post follow-ups to the initial scam ad, repeating the fake link and claiming that 70% of the offer had already been issued.

The scammer also tried to lure OpenSea users by claiming that YouTube would provide “senseless utilities” to those claiming the NFTs. They claimed that the offer was unique and that there would be no further rounds to participate in, which is typical for scammers.

On-chain data shows that 13 wallets appear to have been compromised at the time of writing, with the most valuable NFT stolen being a Founders Pass worth around 3.33 ETH or $8,982.58.

Initial reports suggest that the intruder used webhooks to access server controls. A webhook is a server plugin that allows other software to receive information in real time. Webhooks are increasingly being used as an attack vector by hackers as they provide the ability to send messages from official server accounts.
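
Because a webhook can post into a channel under an official-looking identity, a server's webhook inventory is worth reviewing regularly. The following is an added example, not code from the article, OpenSea or Discord: it audits a webhook list shaped like the response of Discord's `GET /guilds/{guild.id}/webhooks` endpoint. The sample data, channel IDs and creator allowlist are constructed assumptions.

```python
import json

INCOMING = 1  # Discord webhook type 1 (Incoming): posting needs only the webhook URL

# Constructed sample shaped like the response of GET /guilds/{guild.id}/webhooks
SAMPLE_WEBHOOKS = json.loads("""
[
  {"id": "1", "type": 1, "channel_id": "100", "name": "Announcements", "user": {"id": "900"}},
  {"id": "2", "type": 1, "channel_id": "200", "name": "Price feed", "user": {"id": "901"}},
  {"id": "3", "type": 2, "channel_id": "100", "name": "Followed news", "user": {"id": "900"}},
  {"id": "4", "type": 1, "channel_id": "200", "name": "CI notices", "user": {"id": "900"}},
  {"id": "5", "type": 1, "channel_id": "100", "name": "Giveaway", "user": {"id": "902"}}
]
""")

ANNOUNCEMENT_CHANNELS = {"100"}  # assumed: channel IDs that speak with the official voice
APPROVED_CREATORS = {"900"}      # assumed: staff accounts allowed to create webhooks


def audit_webhooks(webhooks, sensitive_channels, approved_creators):
    """Return {webhook_id: [reasons]} for incoming webhooks that need review."""
    findings = {}
    for wh in webhooks:
        if wh.get("type") != INCOMING:
            continue  # this check covers incoming webhooks only
        reasons = []
        if wh.get("channel_id") in sensitive_channels:
            reasons.append("posts into an announcement channel")
        creator = (wh.get("user") or {}).get("id")  # creator may be absent
        if creator not in approved_creators:
            reasons.append(f"created by unapproved account {creator}")
        if reasons:
            findings[wh["id"]] = reasons
    return findings


if __name__ == "__main__":
    report = audit_webhooks(SAMPLE_WEBHOOKS, ANNOUNCEMENT_CHANNELS, APPROVED_CREATORS)
    for webhook_id, reasons in report.items():
        print(webhook_id, "; ".join(reasons))
```

Webhooks flagged for an announcement channel deserve the closest look, since messages sent through them reach every member who trusts that channel.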

OpenSea's Discord is not the only server to have been exploited via webhooks. Several prominent NFT collections, including Bored Ape Yacht Club, Doodles, and KaijuKings, were compromised in early April through a similar vulnerability that allowed the hacker to use official server accounts to post phishing links.