Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114
OpenSea Discord Hack, NFT's Stolen in fake YouTube Phishing Attack - YFarmX | Crypto News & Education
Sunday, December 22, 2024
HomeUncategorizedOpenSea Discord Hack, NFT's Stolen in fake YouTube Phishing Attack

OpenSea Discord Hack, NFT’s Stolen in fake YouTube Phishing Attack

OpenSea Discord hack goes to show that even the biggest NFT marketplaces can’t keep their channels safe from scammers.

On Friday morning, scammers gained access to the official Discord for the popular NFT marketplace, netting just under $20k in NFTs.

Hackers accessed the official Discord server of popular NFT marketplace OpenSea on Friday morning, sending a bot message to trick users into visiting a fake website that looked like YouTube, but was actually set up to steal crypto wallet data.

In this case, a bot announced that OpenSea had partnered with YouTube, enticing users to click on a link to claim one of 100 free NFTs with “insane utility” before they were gone forever, as well as a few follow-up messages. According to blockchain security tracking company PeckShield, the URL the attackers linked to, “youtubenft[dot]art,” is now unavailable and has been tagged as a phishing site.

In recent years, prominent Web3 organisations have suffered from this kind of intermediary attack, which exploits traders looking to take advantage of “airdrops”. Unexpected announcements are common in the cryptocurrency market, and some users click first and consider the consequences later.

“Serpent,” the pseudonymous developer of the Discord hack-detection software Sentinel, was the first to make public the OpenSea Discord hack.

https://twitter.com/Serpent/status/1522494914550181888

Several OpenSea discord users claim their NFTs were stolen.

“my two nfts stollen. thief’s address 0x5Bf15Af9B432b3ea4bbF5B219A77b788CE83d113 where is the support?”

A user asked while tagging a community manager.

“The thief’s OS account and nfts in his account seems have not been marked yet, please stop slow mode” the message continued.

OpenSea’s support account posted on Twitter on Friday morning that it was investigating a “potential Discord vulnerability.”

It urged users not to click on links in the Discord channel. “We are continuing to investigate this situation and will share information as we have it.” An admin posted a similar message in the OpenSea Discord.

A common entry point for this style of attack is the webhooks feature used by organizations to control bots in their channels. Hackers can use compromised accounts to send messages and / or URLs that appear to be from an authorised source.

Webhooks, a common entry point for attacks.

On April 1st, the Bored Ape Yacht Club announced that its channel had been hacked, resulting in the theft of $800k worth of blockchain trinkets from the “Rare Bears” Discord. A phishing link sent out on the BAYC Instagram on April 25th led to the theft of $1 million worth of NFTs.

RELATED ARTICLES

Most Popular