OpenSea’s Discord server was hacked: Thieves post phishing link to steal cryptocurrency

OpenSea, probably the most famous non-fungible token (NFT) market platform, has being target of another cyberattack incident. This time, the hack involves its Discord server, where a massive phishing attack was carried out against several users who clicked on a link that led to claim a supposed free NFT.

Reports began during the early hours of May 6th, when several users noted that OpenSea’s official Discord channel published a fake announcement about an alleged partnership between the NFT market and YouTube; the post assured both companies were willing to give away 100 brand new NFTs to the first ones to click on the attached link.

This “YouTube Genesis Mint Pass” campaign (using the youtubenft.art web domain) supposedly allowed users to claim the free token, so several users rushed to click on this post. No surprise, this was a phishing campaign in which hackers were trying to take control of affected accounts and get cryptocurrency transfers.

After the company noticed the malicious activity, they posted a message through its official Twitter account, urging users not to interact with these messages: “Do not click on links in our Discord. We are continuing on investigate this situation and will share information as we have it”.

Discord users mentioned that the phishing message remained published for a considerable time; nonetheless, the server admins believe that less than a dozen users may have fallen victims to this scam, transferring less than 10 Ethereum to the hackers’ cryptocurrency wallet.

Unfortunately, phishing is still a widely used and functional cyberattack method, forcing Internet users to learn how to avoid these scams. OpenSea has listed several anti phishing recommendations, including:

  • Do not click on unknown links or download unsolicited files, either via email or through platforms such as Telegram or Discord
  • Enable multi-factor authentication to add an extra layer of security to your online accounts
  • Do not make transactions outside of OpenSea, since the platform cannot do anything in such cases

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.