The hacker’s initial announcement claimed that OpenSea had partnered with YouTube to bring its community into the NFT space.
OpenSea, a marketplace for nonfungible tokens (NFTs), experienced a server breach on its primary Discord channel, with hackers posting fake “YouTube partnership” announcements.
A screenshot shared on Friday displays bogus collaboration news along with a link to a phishing website. Friday morning, the OpenSea Support Twitter account tweeted that the marketplace’s Discord server had been compromised and warned users not to access the channel.
The initial post by the hacker, which was published in the announcements channel, claimed that OpenSea had “partnered with YouTube to bring their community into the NFT Space.” The post also stated that OpenSea would release a mint pass with them that would allow holders to mint their project for free.
It appears that the intruder was able to remain on the server for an extended period before OpenSea staff regained control. To create “fear of missing out” among victims, the hacker reposted follow-ups to the initial fraudulent announcement, repeating the fake link and claiming that 70 percent of the supply had been minted.
The con artist also attempted to entice OpenSea users by claiming YouTube would offer “insane utilities” to those who claimed the NFTs. Fraudsters typically assert that the offer is exclusive and that there will be no further opportunities to participate.
On-chain data indicates 13 wallets have been compromised as of this writing, with a Founders’ Pass worth approximately 3.33 ETH or $8,982.58 being the most valuable NFT stolen.
Initial reports indicate that the intruder accessed server controls using webhooks. Webhooks are server plugins that allow other applications to receive real-time data. Webhooks are increasingly used as an attack vector by cybercriminals because they allow messages to be sent from official server accounts.
The OpenSea Discord server is not the only one that can be accessed via webhooks. Several popular NFT collections’ channels, including Bored Ape Yacht Club, Doodles, and KaijuKings, were compromised in early April due to a similar vulnerability that allowed the hacker to post phishing links using the official server accounts.
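A defender-side check for the pattern described above, as an added example (not code from OpenSea or Discord): it flags webhook-authored messages in watched channels that link outside an allowlist. The dicts use the `id`, `channel_id`, `content` and `webhook_id` fields of Discord's message object; the channel ids, webhook ids, message text and allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>)\]]+", re.IGNORECASE)

def host_allowed(host, allowed_domains):
    """True only for an allowlisted domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def flag_webhook_links(messages, watched_channels, allowed_domains):
    """Return (message id, webhook id, host) for every off-allowlist link
    that a webhook posted in a watched channel."""
    findings = []
    for msg in messages:
        webhook_id = msg.get("webhook_id")  # set only on webhook-authored messages
        if webhook_id is None or msg.get("channel_id") not in watched_channels:
            continue
        for url in URL_RE.findall(msg.get("content") or ""):
            try:
                host = urlsplit(url).hostname or ""
            except ValueError:  # malformed URL: report it rather than skip it
                host = ""
            if not host_allowed(host, allowed_domains):
                findings.append((msg["id"], webhook_id, host))
    return findings

# Constructed sample data: ids, text and domains are illustrative assumptions.
ANNOUNCEMENTS, GENERAL = "100", "200"
ALLOWED = {"opensea.io"}
SAMPLE = [
    # Posted by a staff member (no webhook_id): out of scope for this check.
    {"id": "1", "channel_id": ANNOUNCEMENTS, "content": "https://opensea.io/blog"},
    # Webhook post linking to an unknown domain.
    {"id": "2", "channel_id": ANNOUNCEMENTS, "webhook_id": "900",
     "content": "Mint pass is live: https://youtube-mint.example/claim"},
    # Lookalike host and userinfo trick: both resolve outside the allowlist.
    {"id": "3", "channel_id": ANNOUNCEMENTS, "webhook_id": "900",
     "content": "https://opensea.io.mint.example/ https://opensea.io@mint.example/x"},
    # Webhook post linking to an allowlisted subdomain: not flagged.
    {"id": "4", "channel_id": ANNOUNCEMENTS, "webhook_id": "901",
     "content": "Status page: https://support.opensea.io/hc"},
    # Same bad link in a channel that is not watched.
    {"id": "5", "channel_id": GENERAL, "webhook_id": "900",
     "content": "https://youtube-mint.example/claim"},
]

if __name__ == "__main__":
    for finding in flag_webhook_links(SAMPLE, {ANNOUNCEMENTS}, ALLOWED):
        print(finding)
```

Links carried only in message embeds are not inspected here; a fuller check would walk those fields as well.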