Read full article at Cointelegraph.com News.

Nonfungible token (NFT) marketplace OpenSea suffered a server breach on its main Discord channel, with hackers posting fake “Youtube partnership” announcements.

A screenshot shared Friday shows fake collaboration news, accompanied by a link to a phishing site. OpenSea Support’s official Twitter account tweeted that the marketplace’s Discord server was breached Friday morning and warned users not to click the channel.

The hacker’s initial post, published in the announcements channel, claimed that OpenSea had “partnered with YouTube to bring their community into the NFT Space.” It also said that OpenSea is releasing a mint pass with them that will allow holders to mint their project for free.

It appears that the intruder was able to stay on the server for a considerable length of time before OpenSea staff were able to regain control. In an attempt to create “fear of missing out” to victims, the hacker was successful in reposting follow-ups to the initial fraudulent announcement, rehashing the phony link, and claiming that 70% of the supply had already been minted.

The scammer also attempted to entice OpenSea users, claiming that YouTube would provide “insane utilities” to those who claimed the NFTs. They are claiming that this offer is unique and that there will be no further rounds to participate, which is typical of fraudsters.

On-chain data shows 13 wallets seem to have been compromised as of writing, with the most valuable NFT stolen being a Founders’ Pass worth around 3.33 ETH or $8,982.58.

Initial reports suggest that the intruder used webhooks to access server controls. A webhook is a server plugin that allows other software to receive real-time information. Webhooks have increasingly been used as an attack vector by hackers because they provide the ability to send messages from official server accounts.

Related: Ape-themed airdrop phishing scams are on the rise, experts warn

The OpenSea Discord is not the only server to be exploited via webhooks. Several prominent NFT collections’ channels, including Bored Ape Yacht Club, Doodles, and KaijuKings, were compromised in early April with a similar vulnerability that allowed the hacker to use official server accounts to post phishing links.

This article is strictly for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. CryptosOnline.com does not provide investment, tax, legal, business or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any loss or damage caused or alleged to be caused by, or in connection with, the use of or reliance on any content, goods, services or opinions mentioned in this article.

#Bitcoin #Crypto #Cryptocurrency

Categories:

Tags:

Comments are closed

Translate

Our Other Projects

EdgyBranding.com - Premium Domain Names.

Notezi.com - Social Network

ParisArtwork.org - Mid-century Paris NFTs, tokenized on the WAX blockchain.

NewYorkArtwork.org - Mid-century New York NFTs, tokenized on the Ethereum blockchain and offered on Rarible.

ClassicAutomobile.org - Classic Automobile News.

RSS
Facebook
Facebook
LinkedIn
LinkedIn