Illustration by Alex Castro / The Verge

The official Discord channel for OpenSea, the world's largest NFT marketplace, has joined a growing list of NFT communities that have been hit by phishing attacks.

In this case, a bot posted a fake announcement that OpenSea was partnering with YouTube and urged users to click a link to claim one of 100 free NFTs. The URL the attackers linked has since been flagged as a phishing site by the security company.

One person who said they lost NFTs in the incident pointed to a blockchain address as belonging to the attacker, which lets us see more of what happened next: 13 NFTs were transferred to that address from five sources around the time of the attack, and the address has since been blocked on OpenSea's site. Based on their prices when last sold, the NFTs appear to be worth over $18,000.

The phishing message, as seen on Discord. Image: Richard Lawler / Discord

A screenshot of the thief's haul as seen on Rarible. Image: Richard Lawler / Rarible.com

Attacks of this kind on prominent Web3 organizations have become common. Announcements often appear out of the blue, and the nature of the blockchain may give some users a reason to click first and consider the consequences later.

If users run out of funds during the process, minting their NFT becomes much slower, more expensive, or even impossible. And if they have left any items in a hot wallet that is connected to the internet, they can end up handing over the login details that control those items.

OpenSea said in a statement that an attacker was able to post malicious links in several of its Discord channels: "We took immediate steps to remedy the situation, including removing the malicious bots and accounts, after we noticed the malicious links. Our community was told via our support channel not to click on links in our Discord. We haven't seen any new posts since 4:30am."

"We will keep our community apprised of any new information that we discover. The attack had limited impact according to our preliminary analysis." Mack says they are aware of fewer than 10 impacted wallets and fewer than 10 stolen items.

Do not click links in our Discord. We are continuing to investigate this situation and will share information as we have it. https://t.co/jgtHcXifer
— OpenSea Support (@opensea_support) May 6, 2022

Related: Discord hacking is the newest threat for NFT buyers

OpenSea has not said how the channel was compromised, but as we explained in December, one entry point for this style of attack is the webhooks feature that organizations often use to control the bots in their channels. If an attacker gains access to an account that controls those bots, they can use it to post a message or URL that appears to come from an official source.

The Bored Ape Yacht Club's channel was compromised on April 1st, and recent attacks have included one that stole $800k worth of blockchain trinkets from the Rare Bears. On April 25th, the BAYC was used as a conduit for a similar theft that netted more than $1 million in NFTs.