OpenSea Discord server hacked, users warned to be vigilant of phishing scams

Nonfungible token (NFT) marketplace OpenSea suffered a server breach on its main Discord channel, with hackers posting fake “Youtube partnership” announcements.

A screenshot shared Friday shows fake collaboration news, accompanied by a link to a phishing site. OpenSea Support’s official Twitter account tweeted that the marketplace’s Discord server was breached Friday morning and warned users not to click the channel.

The hacker’s initial post, published in the announcements channel, claimed that OpenSea had “partnered with YouTube to bring their community into the NFT Space.” It also said that OpenSea is releasing a mint pass with them that will allow holders to mint their project for free.

It appears that the intruder was able to stay on the server for a considerable length of time before OpenSea staff were able to regain control. In an attempt to create “fear of missing out” to victims, the hacker was successful in reposting follow-ups to the initial fraudulent announcement, rehashing the phony link, and claiming that 70% of the supply had already been minted.

The scammer also attempted to entice OpenSea users, claiming that YouTube would provide “insane utilities” to those who claimed the NFTs. They are claiming that this offer is unique and that there will be no further rounds to participate, which is typical of fraudsters.

On-chain data shows 13 wallets seem to have been compromised as of writing, with the most valuable NFT stolen being a Founders’ Pass worth around 3.33 ETH or $8,982.58.

Initial reports suggest that the intruder used webhooks to access server controls. A webhook is a server plugin that allows other software to receive real-time information. Webhooks have increasingly been used as an attack vector by hackers because they provide the ability to send messages from official server accounts.

Related: Ape-themed airdrop phishing scams are on the rise, experts warn

The OpenSea Discord is not the only server to be exploited via webhooks. Several prominent NFT collections’ channels, including Bored Ape Yacht Club, Doodles, and KaijuKings, were compromised in early April with a similar vulnerability that allowed the hacker to use official server accounts to post phishing links.

All Dutch and English crypto news!

Crypto investment funds see $435M outflow as bull market stalls amid rising inflation concerns

Concerns over rising inflation and flat spot Bitcoin ETF inflows could be factors in the $435 million outflow from crypto investment funds last week. Markets News Own...

Eigenlayer releases EIGEN white paper, bans airdrop for US users

The EIGEN token will be used to form consensus around data that is off-chain but easily verifiable, such as whether someone won a bet or...

Bankruptcy judge signs off on $450M FTX-Voyager settlement

According to the terms of the deal, FTX will “relinquish any and all rights” to $450 million Voyager Digital has claimed from the crypto exchange. News Own...

Dogwifhat (WIF) massive pump on Bybit after listing causes market frenzy

Dogwifhat (WIF) was listed on Bybit crypto exchange today. Immediately after listing the meme coin’s price hit $41.85 before quickly retracing. At press time, Dogwifhat (WIF) was...

Beste exchanges

Koop je crypto bij Bitvavo