At around 4:30 AM ET on Friday, the official Discord channel for OpenSea, the world’s largest NFT marketplace, joined the growing list of NFT communities that have exposed participants to phishing attacks.
In this case, bot made a fake announcement about OpenSea partnering with YouTube, enticing users to click on a “YouTube Genesis Mint Pass” link to catch one of 100 free NFTs with “crazy utility” before they disappear forever, as well as a few following messages. Blockchain security tracking company PeckShield tagged the URL the attackers linked to, “youtubenft[.]art ”as a phishing site that is now inaccessible.
While the messages and phishing site have already disappeared, one person who said they lost NFTs in the event showed this address on the blockchain as belonging to the attacker, so we can see more information about what happened next. While that identity was blocked on the OpenSea website, viewing it via Etherscan.io or competing NFT marketplace, Rare, shows that 13 NFTs were transmitted to it from five sources around the time of the attack. They are now also reported on OpenSea for “suspicious activity” and, according to their prices when they last sold, seem to be worth a little over $ 18,000.
This type of meddling attack, in which scammers exploit NFT marketers seeking to profit from “airdrop,” has become commonplace for prominent Web3 organizations. It is common for ads to appear immediately, and the nature of the blockchain may give some users reasons to click first and consider the consequences later.
Beyond the desire to capture rare items, there is the knowledge that waiting can make your NFT money in the middle of a speed much slower, more expensive or even impossible (if you run out of funds during the process). If they left any object or cryptocurrency in their hot wallet that is connected to the internet, then skipping login details to phisher could give them away in seconds.
In a statement to The Edge, OpenSea spokeswoman Allie Mack confirmed the incident, saying, “Last night, an attacker was able to post malicious links on several of our Discord channels. We noticed the malicious links shortly after they were posted and took immediate steps to resolve the situation, including “We’ve also warned our community via our Twitter support channel not to click on any links in our Discord. We haven’t seen any new malicious posts since 4:30 am ET.”
“We are continuing to actively investigate this attack, and will inform our community of any important new information. Our preliminary analysis indicates that the attack had a limited impact. We are currently aware of less than 10 hit wallets and stolen items in less than 10 ETH.” says Mack.
Do not click on links in our Discord.
We will continue to investigate this situation and share information as we have it. https://t.co/jgtHcXifer
– OpenSea Support (@opensea_support) May 6, 2022
OpenSea did not make a statement about how the channel was hacked, but as we explained in December, one entry point for this style of attack is the feature of hooks that organizations often use to control the robots in their channels to make posts. If a hacker gains access or compromises the account of someone authorized, then they can use it to send a message and / or URL that appears to come from an official source.
Recent attacks have included such stole $ 800k worth of blockchain items of the “Rare Bears” Discord, and the Bored Ape Yacht Club announced that its channel had been compromised on April 1st. On April 25, BAYC’s Instagram served as a channel for a similar theft that caught more than $ 1 million in NFTs just by posting a phishing link.