OpenSea Discord Hacked, NFTs Stolen Using Fake YouTube Site

The official Discord for the popular NFT marketplace was breached by scammers on Friday morning, netting just under $20,000 in ill-gotten NFTs.

May 6 2022, 2:23pm

Scammers hacked the official Discord server of popular NFT marketplace OpenSea on Friday morning, sending a bot message that tricked users into visiting a fake website that resembled YouTube but was really set up to gain access to crypto wallets. 

The breach was first publicized on Twitter by "Serpent," the pseudonymous developer of Sentinel, which is software for detecting Discord hacks aimed at crypto investors. According to their screenshot and screenshots preserved by users in OpenSea's Discord channel, the scam message pointed to "youtubenft.art" and advertised a "YouTube Genesis Mint Pass." Presumably, victims thought they were connecting their wallets to get one the of the first NFTs from a new project from YouTube. 

Advertisement

The site has since been wiped and currently only displays text reading: "@allah on Twitter." That account was created in February, has no tweets, and is following no-one. 

An error occurred while retrieving the Tweet. It might have been deleted.

A few users in OpenSea's discord said that NFTs were stolen from them. 

"my two nfts stollen. thief's address 0x5Bf15Af9B432b3ea4bbF5B219A77b788CE83d113 where is the support?" one user wrote, tagging a community manager. "The thief's OS account and nfts in his account seems have not been marked yet. please stop slow mode."

Screengrab: Discord

The wallet address identified by that user and another who said they had NFTs stolen from them had 13 NFTs transferred to it on Friday morning—none from high-value collections—worth just under $20,000 if the stolen NFTs are sold at their collections' floor price. It also holds $93.50 in ETH. The address has not been marked on Etherscan as a phishing address, and Motherboard could not verify it beyond Discord users' reports.

OpenSea's support Twitter account announced on Friday morning that it was investigating a "potential Discord vulnerability."

"Do not click links in our Discord," the account tweeted. "We are continuing to investigate this situation and will share information as we have it." A similar message was posted by an admin in the OpenSea Discord.

Even though the hacker seems to not have gotten away with much, the incident is just the latest in a long string of hacks and scams targeting Discord—where most crypto projects, including major players, congregate—including blue-chip NFT collections like Bored Ape Yacht Club, which was targeted in a hacking campaign that hit multiple NFT collections last month

Tagged:

cryptocurrency, HACK, discord, crypto, NFT, opensea

More
like this
Someone Bought NFTs From Accused Bitcoin Launderer, and They’re Pissed
Seth Green's Apes Gone, Begs Internet Not to Buy Them
Neal Stephenson, Author Who Coined ‘Metaverse,’ Just Bought His First NFTs
Neal Stephenson, Author Who Coined ‘Metaverse,’ Just Bought His First NFTs
More Than 80% of NFTs Created for Free on OpenSea Are Fraud or Spam, Company Says
A Hacker Is Actively Stealing High-Value NFTs From OpenSea Users
People Whose NFTs Were Stolen Are Getting Wildly Different Refunds from OpenSea
Ethereum Companies Suddenly Ban Users In Certain Countries