Non-fungible token (NFT) market OpenSea suffered a server breach on its main Discord channel, with hackers posting fake “Youtube partnership” ads.
A screenshot share Friday shows fake collaboration news, along with a link to a phishing site. The official OpenSea Support Twitter account tweeted that the market’s Discord server was hacked on Friday morning and warned users not to click on the channel.
Do not click on links in our Discord.
We are continuing to investigate this situation and will share information as it becomes available. https://t.co/jgtHcXifer
— OpenSea Support (@opensea_support) May 6, 2022
The hacker’s initial message, posted on the announcements channel, claimed that OpenSea had “partnered with YouTube to bring their community into the NFT space.” free.
It appears the intruder may have remained on the server for a considerable amount of time before OpenSea staff were able to regain control. In an attempt to create ‘fear of missing out’ for victims, the hacker managed to repost follow-ups to the initial scam ad, rehashing the fake link and claiming that 70% of the offer had already been issued .
The scammer also tried to lure OpenSea users, claiming that YouTube would provide “senseless utilities” to those claiming NFTs. They claim that this offer is unique and that there will be no more rounds to participate, which is typical for scammers.
official message from the founders
Discord Doodles has been penetrated by a hacked bot. Any messages that appear on any of our channels, ignore them for now. We are taking care of it. Our lawyers, our friends on Discord and the community help us. We will keep you updated as we diagnose the situation.
— doodles (@doodles) February 26, 2022
On-chain data shows that 13 wallets appear to have been compromised at the time of writing, with the most valuable NFT stolen being a Founders Pass worth around 3.33 ETH or $8,982.58.
Initial reports suggest that the intruder used webhooks to access server controls. A webhook is a server plugin that allows other software to receive information in real time. Webhooks are increasingly being used as an attack vector by hackers as they provide the ability to send messages from official server accounts.
Related: Monkey-themed phishing scams are on the rise, experts warn
The Discord OpenSea is not the only server to be operated via webhooks. Several prominent NFT collection chains, including Bored Ape Yacht Club, Doodles, and KaijuKings, were compromised in early April with a similar vulnerability that allowed the hacker to use official server accounts to post phishing links.
