OpenSea Discord Compromised, Fake YouTube Link Used in Hack

OpenSea
    • OpenSea confirmed that its Discord server has been infiltrated.
    • Six wallets were affected, but the loss was minimal.
    • Hackers used a fake YouTube link to lure in victims.

Today, NFT Marketplace OpenSea confirmed that its Discord server has been hacked. The platform openly explained the incident through a tweet, wherein the team claimed that they were already investigating the vulnerability. They have also asked users to not click on any links in the Discord.

The incident was noticed shortly after several users discussed the issue on Twitter. “OpenSea Discord is hacked,” stated the founder of threat mitigation system Sentinel. Interestingly, a YouTube site was used for phishing. Another cybersecurity expert tweeted: opensea discord is exploited, youtubenft[.]art is the phishing site. Do not fall prey to it!

The hack seems to have been promoting a dubious NFT mint, directing users to mint fake “YouTube Genesis Mint Passes.” And since the link had “YouTube” in its URL, users were quick to click on it. However, the link did not lead to a YouTube website. The link has been detected to be a phishing site by the cybersecurity firm PeckShield.

Notably, the hackers were able to stay on the server undetected for some time before OpenSea employees were able to regain control. The hacker was able to send several follow-ups to the initial announcement stating that 70% of the supply had been minted already.

Fortunately, there seems to be a minimal loss, as reported by Etherscan. Around six wallets were identified as affected. And the most valuable NFT stolen was a ConiunPass with a market value of around 0.84 ETH or $2,300.

OpenSea is the latest in a string of Discord servers to have fallen prey to hacking. Earlier in April, the Discords of several  NFT collections, including Bored Ape Yacht Club, Doodles, and KaijuKings, were infiltrated.