News outlets widely reported that they had “partnered with YouTube to bring their community into the NFT Space” in the hacker’s original message, published on the announcements channel.
Opensea and Fake Youtube Partnership
Opensea discord is one of the most populated discord channels since the beginning of NFTs and an attack on the main Discord channel of OpenSea, a nonfungible token (NFT) marketplace, resulted in bogus “Youtube partnership” announcements being posted by the hackers.
Fake news of a partnership was posted on Friday, along with a link to an untrustworthy site. In addition, there has been an attack on OpenSea Support’s Discord server, and the company is warning customers not to open any links in the channel.
Opensea has made the Attack known to the Public
First, the hacker stated that the company had collaborated with YouTube to “bring their community into the NFT Space,” published on the announcements channel. A free mint pass for OpenSea was also promised, with the company stating that it would be available for distribution.
We’ve learned that the invader had some time to remain on the server before software personnel could take it back. Following the original bogus statement, the hacker posted follow-ups, reiterating the unnatural link and stating that 70% of the supply had already been made.
To lure their customers, the fraudster promised that YouTube would provide them “crazy utilities” if they claimed their NFTs. According to them, this offer is the only one available, and there would be no further participation rounds.
Since writing, on-chain data reveals 13 wallets believed to have been hacked, with Founders Pass valued at $8,982.58 is the most valuable stolen NFT.
Initial indications indicate that the attacker accessed server management through webhooks. Allows other applications to be informed of events in real-time through a server plugin. A growing number of hackers are using webhooks, which would enable them to transmit messages from official servers as a means of attack.
Growing Phishing Attacks and Discord Hacks
🚨 official message from the founders
Doodles discord was penetrated by a hacked bot. Any message put out in any of our channels, ignore for now. We are on it. Our lawyers, friends at discord, and the community are helping us. We will update you as we diagnose the situation.
— doodles (@doodles) February 26, 2022
Many servers may be abused using webhooks, not only the Open Sea Discord. NFT channels, including Bored Ape Yacht Club, Doodles, and KaijuKinds, were hacked in early April using the same vulnerability that enabled the hacker to publish phishing links using the legitimate server accounts of those channels.