Earlier today, a hacker gained access to NFT marketplace OpenSea’s Discord server and used its announcements channel to run a phishing scam. This is the second time that the platform has fallen victim to this form of attack this year.
Hacker Promotes Fake Collab Between YouTube and OpenSea
According to reports and screenshots from participants in the server, the attacker took over one of OpenSea’s bots. They then uploaded a string of posts sharing news of a collaboration between YouTube and the NFT marketplace. A quote from the first post read:
“YouTube is officially partnering with [OpenSea] to bring their community into the NFT space.”
This went up in the announcements channel at about four this morning and revealed more details of the supposed collab. Joining forces, OpenSea and YouTube would launch 100 tokens dubbed “YouTube Genesis Mint Passes.” The NFTs would grant their owners access to free collaborative non-fungible tokens and other “insane utilities.”
The attacker leveraged the widespread FOMO of the NFT industry, encouraging members to obtain a pass before the passes disappeared. Later on, they reposted, claiming that most of the passes were gone. The hacker included a link at the bottom of the messages: youtubenft[.]art.
According to security firm PeckShield, the link led to the scam site, which is now unavailable. The site allowed the hacker to gain illicit access to user wallets and rob them of their NFTs. OpenSea was unable to cut off the hacker’s access for some time, as the hacker was able to upload more messages.
Attacker Address Confirmed
Upon recovery, the server’s support team sent out statements to the various channels. Participants in the channel for scam reports shared screenshots of the phishing attack, as OpenSea had already taken down the posts. OpenSea also sent out a message to Discord participants via its official Twitter page confirming news of the hack.
We are currently investigating a potential vulnerability in our Discord, please do not click on any links in the Discord.
— OpenSea Support (@opensea_support) May 6, 2022
The team warned against clicking links on the server and assured users of updates regarding their ongoing investigation. Circulating reports claim the hacker took advantage of an opening in the server’s webhooks. A webhook is a server plugin that allows interaction with other apps.
Webhooks have recently grown into a popular target for hacks, because they allow official server accounts to carry data to members.
Although no victims emerged initially, Etherscan has revealed six affected wallets so far. One of the exploit victims was able to point out the hacker’s wallet address. Etherscan data relating to that address shows that it received about 13 non-fungible tokens around the time of the hack.
Over the last few months, the NFT space has experienced an epidemic of hacks and scams. Some weeks ago, top NFT project BAYC saw a bad actor compromise its Discord server. The attacker stole a token from the project, Mutant Ape Yacht Club, through a phishing link.
STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised. We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.
— Bored Ape Yacht Club (@BoredApeYC) April 1, 2022
Late last month, BAYC’s Instagram page fell victim to a hack similar to OpenSea’s. Community members saw losses totaling $2.8 million after a fake NFT mint appeared on the account.