The initial message by the hacker, which was published in the announcements channel, stated that OpenSea had “partnered with YouTube to bring their community into the NFT Space.”
OpenSea, a marketplace for nonfungible tokens (NFTs), had its primary Discord server breached, with hackers posting false “YouTube collaboration” announcements.
A screenshot released on Friday depicts bogus collaboration news with a link to a phishing website. Friday morning, the OpenSea Support Twitter account stated that the marketplace’s Discord server had been compromised and cautioned customers not to use the channel.
Do not click links in our Discord.
We are continuing to investigate this situation and will share information as we have it. https://t.co/jgtHcXifer
— OpenSea Support (@opensea_support) May 6, 2022
The initial message by the hacker, published in the announcements channel, said that OpenSea had “partnered with YouTube to bring their community into the NFT Space.” It also stated that OpenSea would release a mint pass with YouTube that would permit holders to mint their project for free.
It appears that the attacker was able to remain on the server for an extended period of time before OpenSea employees regained control. In an effort to induce “fear of losing out” among victims, the hacker succeeded in reposting follow-ups to the initial bogus statement, reiterating the fake link and stating that 70 percent of the supply had been minted.
The con artist also attempted to woo OpenSea users by stating YouTube would offer “crazy utilities” to those who claimed the NFTs. Fraudsters typically assert that the offer is exclusive and that there would be no additional opportunities to participate.
🚨 official message from the founders
Doodles discord was penetrated by a hacked bot. Any message put out in any of our channels, ignore for now. We are on it. Our lawyers, friends at discord, and the community are helping us. We will update you as we diagnose the situation.
— doodles (@doodles) February 26, 2022
On-chain data indicates 13 wallets have been hijacked as of this writing, with a Founders’ Pass worth about 3.33 ETH or $8,982.58 being the most expensive NFT taken.
Initial investigations indicate that the hacker accessed server controls through webhooks. Webhooks are server plugins that allow other applications to get real-time data. Webhooks are widely exploited as an attack vector by cybercriminals since they allow messages to be sent from official server accounts.
The OpenSea Discord server is not the only one exploitable through webhooks. Several popular NFT collections’ channels, including Bored Ape Yacht Club, Doodles, and KaijuKings, were compromised in early April due to a vulnerability that enabled the hacker to send phishing links using official server credentials.
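Because webhook posts appear under an official-looking identity, a server's moderation bot can check them separately from human messages. The sketch below is an added example, not code from OpenSea or Discord: it scans message objects for posts delivered through a webhook (Discord marks these with a `webhook_id` field) in a watched channel and flags any link whose real host is off an allowlist. The allowlist, channel id and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

ALLOWED = {"opensea.io", "discord.com"}   # assumption: domains staff really link to
WATCHED = {"100"}                         # assumption: id of the announcements channel
URL_RE = re.compile(r"https?://[^\s<>()\[\]]+", re.IGNORECASE)

def host_allowed(url, allowed=ALLOWED):
    """True only if the URL's real host is an allowlisted domain or its subdomain."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:                    # unparsable URL: treat as untrusted
        return False
    return any(host == d or host.endswith("." + d) for d in allowed)

def flag_webhook_links(messages, watched=WATCHED, allowed=ALLOWED):
    """Return (message id, webhook id, url) for webhook posts linking off-allowlist."""
    findings = []
    for msg in messages:
        # Discord sets "webhook_id" only on messages delivered through a webhook.
        webhook_id = msg.get("webhook_id")
        if not webhook_id or msg.get("channel_id") not in watched:
            continue
        texts = [msg.get("content") or ""]
        for embed in msg.get("embeds") or []:
            texts += [embed.get("url") or "", embed.get("description") or ""]
        for url in URL_RE.findall(" ".join(texts)):
            if not host_allowed(url, allowed):
                findings.append((msg["id"], webhook_id, url))
    return findings

# Constructed sample messages, trimmed to the fields used above.
SAMPLE = [
    {"id": "1", "channel_id": "100", "webhook_id": "900",
     "content": "Mint pass is live, 70% claimed: https://mint-pass.example/claim"},
    {"id": "2", "channel_id": "100", "webhook_id": "900",
     "content": "New post at https://opensea.io/blog"},
    {"id": "3", "channel_id": "100", "webhook_id": "901", "content": "",
     "embeds": [{"url": "https://opensea.io@claim.example/mint"}]},
    {"id": "4", "channel_id": "200", "webhook_id": "902",
     "content": "https://other.example/"},
    {"id": "5", "channel_id": "100", "content": "Staff note: https://status.example/"},
]

if __name__ == "__main__":
    for finding in flag_webhook_links(SAMPLE):
        print("review:", finding)
```

Message 3 shows why the host is parsed rather than substring-matched: the text before `@` is userinfo, so the link actually resolves to `claim.example`.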