OpenSea’s Discord server has been hijacked by bad actors to promote a scam non-fungible tokens (NFT) partnership with YouTube. This is not the first time that hackers are targeting the leading NFT marketplace.
OpenSea Discord Infiltrated by Scammers
Per a May 6, 2022, tweet by PeckShield, an industry-leading blockchain security and vulnerability analysis expert, OpenSea’s Discord server has been exploited by hackers to orchestrate a phishing attack.
Specifically, the bad actors hijacked the OpenSea Discord platform to announce a fake NFT partnership with YouTube, offering ‘lucky’ members of the ecosystem an opportunity to grab a YouTube Genesis Mint Pass that would unlock numerous exciting benefits for them.
“Important announcement @everyone. We have partnered with YouTube to bring their community into the NFT Space, and we’re releasing a mint pass with them that will allow holders to mint their project for free along with getting other insane utilities for being a holder of it,” the hackers wrote, adding:
“You are able to get this mint pass below for 100 percent free. There will only be 100 of these, however, once they are gone they won’t be coming back and you will have to purchase them off the OpenSea marketplace. Congratulations to those who get one.”
The OpenSea team has advised users to avoid clicking on links on its Discord server, for now, adding that it’s now investigating the vulnerability.
“We are currently investigating a potential vulnerability in our Discord, please do not click on any links in the Discord,” tweeted OpenSea.
At the time of writing it’s unclear if any OpenSea user fell victim to this phishing scam.
One Too Many
It’s worth noting that this is not the first time the OpenSea platform is being targeted by rogue actors. In February 2022, hackers orchestrated a hugely successful phishing attack that exploited the Wyvern Protocol on the OpenSea NFT marketplace, stealing hundreds of NFTs worth a massive $1.7 million from users of the platform.
Though the OpenSea team tried to allay the fears of NFT enthusiasts by claiming the heist was a result of a phishing attack that existed outside their ecosystem, the ugly scenario nonetheless triggered a 37 percent drop in its weekly trading volume at the time.
Similarly, the Bored Ape Yacht Club (BAYC) NFT project lost about $14 million worth of digital collectibles to hackers in April 2022, following a phishing attack carried out via its Instagram platform, enabling the rogue actors to steal 24 Bored Apes and 30 Mutant Apes.
As NFTs continue to gain traction across the globe, NFT projects and marketplaces will remain prime targets for hackers. As such, collectors are advised to desist from clicking on random links they see on any NFT marketplace unless they are 100 percent sure that the link is legitimate.