Several Discord channels for the biggest NFT marketplace OpenSea were hacked on May 6th by a scammer promoting a fake project.
A few members of the Discord servers tweeted that OpenSea’s Discord had been hacked early Friday morning. An OpenSea spokesperson said that they have taken actions against the scammer and there hasn’t been any malicious posts since then. Less than 10 digital wallets were affected, and the NFTs stolen were worth less than 10 ETH, or about $26,903, as of May 6th.
So, how did it happen? A bot made a fake announcement about OpenSea partnering with YouTube, triggering users to click on a “YouTube Genesis Mint Pass” link to snag one of 100 free NFTs with “insane utility” before they’d be gone forever. The link led to a webpage with a YouTube logo that security firm PeckShield identified as a phishing website.
Source: Image: Richard Lawler / Discord
While the messages and phishing site are already gone, one person said that they’d lost NFTs in the incident pointed to this address on the blockchain as belonging to the attacker.
The wallet address identified by that user and another who said they had NFTs stolen from them had 13 NFTs transferred to it on Friday morning worth just under $20,000. It also holds $17.13 in ETH. The address has not been marked on Etherscan as a phishing address, and Motherboard could not verify it beyond Discord users’ reports.
This kind of attack in which scammers exploit NFT traders who are looking to earn on “airdrops” has become quite common. The announcements usually appear out of the blue, and some blockchain users tend to click first and consider the consequences later.
This incident is just the latest in a long string of scams targeting Discord, including blue-chip NFT collections like Bored Ape Yacht Club. First, $800k worth of the blockchain trinkets was stolen from the “Rare Bears” Discord on April 1st. On April 25th, the BAYC Instagram served as a conduit for a similar attack that snagged more than $1 million worth of NFTs just by sending out a phishing link.