Home News OpenSea Discord server hacked, users warned to be vigilant of phishing scams

OpenSea Discord server hacked, users warned to be vigilant of phishing scams

598
0
OpenSea

Hackers posted phoney “Youtube partnership” announcements on the nonfungible token (NFT) marketplace OpenSea‘s main Discord channel after a server breach.

Fake partnership news is shown in a screenshot published on Friday, along with a link to a phishing site. The marketplace’s Discord server was hacked Friday morning, according to the NFT marketplace Support’s official Twitter account, which advised customers not to use it.

OpenSea has “partnered with YouTube to bring their community into the NFT Space,” according to the hacker’s first post on the announcements channel. The NFT marketplace is also providing a mint pass with them, allowing holders to mint their project for free.

The invader appeared to have been able to stay on the server for quite some time before the NFT marketplace technicians were able to reclaim control. The hacker was successful in posting follow-ups to the initial false announcement, reiterating the phoney link, and saying that 70% of the supply had already been coined, all in an attempt to generate “fear of missing out” in victims.

OpenSea users were tempted to receive “crazy utilities”

The con artist also tried to persuade OpenSea users by stating that those who claimed the NFTs would receive “crazy utilities” from YouTube. They state that this offer is one-of-a-kind and that there would be no other rounds to engage in, which is typical of con artists.

As of this writing, on-chain data indicates that 13 wallets have been hacked, with the most valued NFT stolen being a Founders’ Pass worth about 3.33 ETH ($8,982.58).

The hacker allegedly exploited webhooks to get access to server management, according to initial reports. A webhook is a server plugin that lets other software get real-time data. Because they allow hackers to send messages from official server accounts, webhooks are becoming increasingly popular as an attack vector.

Webhooks aren’t just used to abuse the OpenSea Discord server. A similar weakness allowed the hacker to use official server accounts to publish phishing links on several popular NFT collections’ channels, including Bored Ape Yacht Club, Doodles, and KaijuKings, in early April.

BAYC NFTs stolen in Instagram phishing attack

Previous articleBitcoin futures ETF of Valkyrie’s approved by SEC
Next articleDeribit and OKX attract significant traffic from China despite a blanket ban