The official Discord channel of NFT marketplace OpenSea was recently infiltrated by cybercriminals who used it to spread a phishing link.
According to The Verge, a channel bot made a fake announcement that the NFT marketplace was partnering with YouTube and that users had to click on a “YouTube Genesis Mint Pass” link in order to get one of 100 free NFTs before they disappeared forever.
Just as cybercriminals often do in phishing emails, the message instilled a sense of urgency to get users to click on a link to a site that blockchain security firm PeckShield has since flagged as a phishing scam.
At the same time, because the NFT space tends to move quickly, users knew from experience that they had only a limited time to claim any of the free NFTs, and they probably didn’t want to miss out.
Although the malicious posts were removed from OpenSea’s Discord channel and the phishing site was also taken down, one user said they lost NFTs in the incident and posted the blockchain address belonging to the responsible cybercriminals.
Viewing that address on Etherscan.io or on competing NFT marketplace Rarible shows that 13 NFTs were transferred to it by five users at the time of the attack; based on their prices at last sale, the five NFTs appear to be worth just over $18k.
Although OpenSea has yet to explain how its Discord channel was compromised, one possible explanation is that the cybercriminals abused the webhook feature that organizations use to control the bots that post to their channels.
In a statement to The Verge, OpenSea spokesperson Allie Mack provided more details on how the company responded to the incident, saying:
“Last night an attacker was able to post malicious links to several of our Discord channels. We noticed the malicious links soon after they were posted and took immediate action to remedy the situation, including removing the bots and malicious accounts. We have also alerted our community via our Twitter support channel not to click on any links in our Discord. Our preliminary analysis indicates that the attack had a limited impact. We are currently aware of less than 10 impacted wallets and stolen items of less than 10 ETH.”
Whether you’re on Discord or Telegram, avoid clicking on suspicious links, especially in messages that try to instill a sense of urgency, so that you don’t fall victim to phishing attacks.
By The Verge