Nonfungible token (NFT) marketplace OpenSea suffered a server breach on its main Discord channel, with hackers posting fake "Youtube partnership" announcements.
A screenshot shared Friday shows fake collaboration news, accompanied by a link to a phishing site. OpenSea Support's official Twitter account tweeted that the marketplace's Discord server was breached Friday morning and warned users not to click the channel.
Do not click links in our Discord.
— OpenSea Support (@opensea_support) May 6, 2022
We are continuing to investigate this situation and will share information as we have it. https://t.co/jgtHcXifer
The hacker's initial post, published in the announcements channel, claimed that OpenSea had “partnered with YouTube to bring their community into the NFT Space." It also said that OpenSea is releasing a mint pass with them that will allow holders to mint their project for free.
It appears that the intruder was able to stay on the server for a considerable length of time before OpenSea staff were able to regain control. In an attempt to create "fear of missing out" to victims, the hacker was successful in reposting follow-ups to the initial fraudulent announcement, rehashing the phony link, and claiming that 70% of the supply had already been minted.
The scammer also attempted to entice OpenSea users, claiming that YouTube would provide "insane utilities" to those who claimed the NFTs. They are claiming that this offer is unique and that there will be no further rounds to participate, which is typical of fraudsters.
official message from the founders
— doodles (@doodles) February 26, 2022
Doodles discord was penetrated by a hacked bot. Any message put out in any of our channels, ignore for now. We are on it. Our lawyers, friends at discord, and the community are helping us. We will update you as we diagnose the situation.
On-chain data shows 13 wallets seem to have been compromised as of writing, with the most valuable NFT stolen being a Founders' Pass worth around 3.33 ETH or $8,982.58.
Initial reports suggest that the intruder used webhooks to access server controls. A webhook is a server plugin that allows other software to receive real-time information. Webhooks have increasingly been used as an attack vector by hackers because they provide the ability to send messages from official server accounts.
Related: Ape-themed airdrop phishing scams are on the rise, experts warn
The OpenSea Discord is not the only server to be exploited via webhooks. Several prominent NFT collections' channels, including Bored Ape Yacht Club, Doodles, and KaijuKings, were compromised in early April with a similar vulnerability that allowed the hacker to use official server accounts to post phishing links.