$18k Worth Of NFTs Lost In OpenSea’s Discord Compromise
The Discord channel of the world’s largest NFT marketplace was phished on Friday morning.
To create a sense of urgency, a bot made a fake announcement on Reddit claiming that OpenSea had partnered with YouTube. The user would then be directed to a fake website and taken through several pages of security verification before being told that they did not win the giveaway.
To confirm who is responsible for the attack, one person pointed to this address on the blockchain as belonging to the attacker. This identity has been blocked by OpenSea’s platform. Viewed on Etherscan.io or on Rarible, a competitor of OpenSea, it shows that around the time of the attack, five NFTs worth a total of about 18 thousand USD were transferred out from five sources to this account. The items are currently also reported for suspicious activity and could have been sold for $18 thousand.
Custom tokens are being targeted by scammers who have successfully created tactics to exploit traders who are looking to profit from “airdrops”. Claims will appear out of the blue, and with the decentralized nature of blockchain, some users may be more inclined to click first.
If they want to avoid having their rare items or cryptocurrency hacked, they should wait until everyone else is done. If they want to stay competitive with everyone else, they should make sure to be the last person rushing.
OpenSea said that an attacker was able to insert malicious links in its chat channels, and that the posts were quickly removed once they were noticed. It also alerted its community not to click any malicious links they may be sent.
An attack on ETH has had very few ramifications. It is estimated that 10 wallets have been impacted and 10 ETH was stolen.
OpenSea has not yet released the story of how the channel was hacked, but in December we explained that the webhooks feature was one way to do so. If an event is responsible and distributes that access to someone else, they could exploit it and send a message using their name.
Recent attacks have included stealing $800k worth of the blockchain trinkets from the “Rare Bears” Discord, and the Bored Ape Yacht Club announced its channel had been compromised on April 1st. On April 25th, a phishing link sent to the BAYC Instagram resulted in a heist worth more than $1 million in NFTs.