OpenSea Discord server hacked, users warned to be vigilant of phishing scams

196
SHARES
1.5k
VIEWS


Non-fungible token (NFT) marketplace OpenC suffered a server breach on its main Discord channel after hackers posted fake “YouTube partnership” announcements.

a screenshot share Friday shows fake collaboration news with a link to a phishing site. OpenSea Support’s official Twitter account tweeted that the marketplace’s Discord server broke down on Friday morning and warned users not to click on the channel.

READ ALSO

The hacker’s initial post published in the Announcement channel claimed that OpenSea had partnered with YouTube to “bring its community into the NFT space.” It also said that OpenSea is issuing a Mint Pass with them that will allow holders to complete their project. free.

It appears that the intruder was able to stay on the server for a long time before OpenSea’s employees were able to gain control. In an effort to create a “fear of missing out” to victims, the hacker was successful in posting a follow-up to the initial fraudulent announcement, re-posting the fake link, and claiming that 70% of the supply had already been mined. .

The scammers also attempted to lure users of OpenSea, claiming that YouTube would provide “crazy utilities” to those claiming to be NFTs. They are claiming that this offer is unique and there will be no more rounds to participate in, which is exclusive to fraudsters.

On-chain data shows that 13 wallets were compromised as of writing, with the most valuable NFT stolen Founder Pass, which was valued at around 3.33 ETH or $8,982.58.

Initial reports suggest that the intruder used webhooks to access the server controls. A webhook is a server plugin that allows other software to receive real-time information. Webhooks are increasingly used as an attack vector by hackers because they provide the ability to send messages from authoritative server accounts.

RELATED: App-themed airdrop phishing scams are on the rise, experts warn

OpenSea isn’t the only server accessed via Discord webhooks. Several major NFT collection channels, including Bored Ape Yacht Club, Doodle and Kaijukings, were compromised in early April with a similar vulnerability that allowed hackers to use official server accounts to post phishing links.