Latest OpenSea Attack Sees Hacker Infiltrate Discord
Another Discord server has fallen victim to a webhooks exploit.
- OpenSea confirmed a vulnerability in its Discord Server Friday morning.
- A hacker directed users to mint fake “YouTube Genesis Mint Passes” from a phishing link.
- On-chain data shows that losses from the hack are currently small, with only six users losing NFTs so far.
Share this article
The OpenSea Discord server was hacked early Friday morning. A series of posts from a compromised OpenSea Discord server bot directed users to mint a “YouTube Genesis Mint Pass” from a phishing link.
OpenSea Discord Server Hacked
The Discord of the largest NFT marketplace has been hacked.
A tweet from the official OpenSea Support Twitter confirmed that a there was a vulnerability in the marketplace’s Discord server Friday morning.
The hacker’s first post, which appeared in the announcements channel at 4:04 am UTC, stated that OpenSea had “partnered with YouTube to bring their community into the NFT space.” The post went on to say that the partnership would include the release of 100 “YouTube Genesis Mint Passes” that would allow holders to mint collaborative projects for free. The post ended with a link to a fake minting website designed to trick users into signing a transaction that would give the hacker the ability to transfer NFTs out of their wallet.
It appears that the hacker was able to maintain their presence on the server for some time before OpenSea employees were able to regain control. The hacker succeeded in posting follow-ups to the initial fake announcement, reposting the fake link and stating that 70% of the supply had already been minted in an attempt to induce “fear of missing out” in unsuspecting users.
On-chain data from Etherscan shows that the losses from the hack are currently small. In total, only six wallets appear to have been affected so far, with the most valuable NFT stolen being a ConiunPass with a market value of around 0.84 ETH or $2,300.
Early reports suggest that the hacker exploited the OpenSea Discord server’s webhooks to gain access to server controls. A webhook is a server plugin that provides other applications with real-time data. While webhooks serve a useful function, they have increasingly been used as an attack vector by hackers as they allow messages to be sent to users from official server accounts.
The OpenSea Discord server is not the only one to recently fall victim to a webhooks attack. At the start of April, the Discords of several prominent NFT collections, including Bored Ape Yacht Club, Doodles, and KaijuKings, were compromised using a similar exploit, allowing a hacker to post phishing links using official server accounts.
This story is breaking and will be updated as more information is available.
Special thanks to HttpPwnHub for identifying the hacker’s wallet.
Disclosure: At the time of writing this piece, the author owned ETH and several other cryptocurrencies.