Opensea Confirms Discord Hack As Spambots Promote “YouTube” NFTs

Key Insights:

• NFT marketplace Opensea’s Discord server has been hacked.
• Spambots have been posting links to limited YouTube NFTs
• Social media channel hacks have been on the rise this year.

While the Decentralized Finance space is prone to hacks and exploits, it’s unusual for their centralized social media platforms to go through something similar.

However, over the last couple of weeks, the crypto space has been observing the latter, with the latest addition to the mix being Opensea.

Opensea Hacked Again!

The Ethereum-based NFT marketplace confirmed that their Discord server had been compromised a few hours ago. The same was verified by PeckShieldAlert and Serpent, accounts associated with blockchain security.

Being the first to bring this exploit to life, Serpent shared a screenshot of the Discord channel where spambots seemingly posted links to a page titled “yoytubenft.art”.

By claiming these NFTs to be limited with only 100 in existence and over 80% minted out, the hackers tried to lure investors towards the phishing website.

PeckShieldAlert posted the image of the same website with an alert warning people of the possible attempt by hackers to steal their private key, tricking users into giving them token approval and/or buying scam tokens.

At the time of writing, the most recent update from Opensea was as follows,

“Do not click links in our Discord. 

We are continuing to investigate this situation and will share information as we have it.”

This is, however, not the first time Opensea users have been the victim of a hack. As reported by FXEmpire, Opensea users lost about $1.7 million worth of NFTs in a phishing attack earlier this year.

A victim even sued the marketplace with a $1 million lawsuit claiming the platform continued operating instead of shutting down and rectifying the issues. 

Opensea Is Not Alone

Last month the second biggest NFT collection, Bored Ape Yacht Club (BAYC), witnessed two hacks compromising its social media accounts.

The first attack took place on April 1, compromising the NFT collection’s Discord server, followed by a second attack on its Instagram account on April 27.

With the latter hack, the hacker managed to swipe 4 Apes, 6 Mutants, 3 Kennels, and some other valuable NFTs.

Thus this pattern of attacking social media accounts seems to be picking up the heat. Still, investors can be safe if they understand the difference between a fake announcement and an actual announcement. As highlighted by Serpent,

Yep… If you see 100 announcements per second, fall for "youtubenft", try to claim a random airdrop on your main wallet, and approve multiple random token approval requests idk what to say 😭😭

— Serpent (@Serpent) May 6, 2022