© Reuters. OpenSea Discord compromised, fake YouTube link used in hack
- OpenSea has confirmed that its Discord server has been infiltrated.
- Six wallets were affected, but the loss was minimal.
- The hackers used a fake YouTube link to lure the victims.
Today, NFT Marketplace OpenSea confirmed that their Discord server had been hacked. The platform openly explained the incident through a tweet, in which the team claimed it was already investigating the vulnerability. They also asked users not to click on any links in Discord.
We are currently investigating a potential vulnerability in our Discord, please do not click on any links in the Discord.
— OpenSea Support (@opensea_support) May 6, 2022
The incident was noticed shortly after several users discussed the issue on Twitter (NYSE:). “OpenSea Discord is hacked,” said the founder of threat mitigation system Sentinel. Interestingly, a YouTube site was used for phishing. Another cybersecurity expert tweeted: opensea discord is exploited, youtubenft[.]art is the phishing site. Don’t fall prey to it!
OPENSEA DISCORD IS HACKED pic.twitter.com/7lePPC99fa
— Snake (@Snake) May 6, 2022
The hack appears to have promoted a dodgy NFT mint, tricking users into creating fake “YouTube Genesis Mint Passes”. And since the link had “YouTube” in its URL, users were quick to click on it. However, the link did not lead to a YouTube website. The link has been detected as a phishing site by cybersecurity company PeckShield.
Notably, the hackers were able to remain on the server undetected for some time before OpenSea employees were able to regain control. The hacker was able to send several follow-ups to the initial announcement stating that 70% of the supply had already been minted.
Fortunately, there appears to be minimal loss, as reported by Etherscan. Around six portfolios have been identified as affected. And the most valuable NFT stolen was a ConiunPass with a market value of around 0.84 ETH or $2,300.
OpenSea is the latest in a series of Discord servers to have fallen prey to hacking. Earlier in April, the Discords of several NFT collections, including Bored Ape Yacht Club, Doodles, and KaijuKings, were infiltrated.