Saturday, July 2, 2022

Hackers Hijacked the OpenSea Discord Using a Fake YouTube NFT Scam


Shreya Christina

At around 4:30 a.m. ET on Friday, the official Discord channel for OpenSea, the world’s largest NFT marketplace, joined the growing list of NFT communities that have exposed participants to phishing attacks.

In this case, a bot made a false announcement about an OpenSea partnership with YouTube, enticing users to click a “YouTube Genesis Mint Pass” link to get their hands on one of 100 free “insane utility” NFTs before they would be gone forever, and followed up with a few more messages. Blockchain security tracking company PeckShield tagged the URL the attackers linked to, “youtubenft[.]art,” as a phishing site; the site is currently unavailable.

Although the messages and phishing site are already gone, one person who said they lost NFTs in the incident pointed to this address on the blockchain as the attacker’s property, so we can see more information about what happened next. While that identity is blocked on OpenSea’s site, viewing it via or a competing NFT marketplace, Rarible, shows that around the time of the attack, 13 NFTs were transferred to it from five sources. They are also now being reported on OpenSea for “suspicious activity” and appear to be worth just over $18,000 based on their prices at last sale.

The phishing message, as seen on Discord.
Image: Richard Lawler/Discord

A screenshot of the thief’s loot as seen on Rarible.
Image: Richard Lawler/

This kind of intermediary attack, in which scammers exploit NFT traders looking to take advantage of “airdrops,” has become common for prominent Web3 organizations. It is common for announcements to appear out of the blue, and the nature of the blockchain may give some users reasons to click first and consider the consequences later.

Aside from the desire to get your hands on rare items, there’s the knowledge that waiting can make minting your NFT during a rush much slower, more expensive, or even impossible (if you run out of money in the process). If users have left items or cryptocurrency in a hot wallet connected to the internet, coughing up credentials to a phisher can give them away in seconds.

In a statement to The Verge, OpenSea spokesperson Allie Mack confirmed the incident, saying: “Last night an attacker was able to post malicious links in several of our Discord channels. We noticed the malicious links shortly after they were posted and immediately took action to remedy the situation, including removing the malicious bots and accounts. We have also warned our community through our Twitter support channel not to click on links in our Discord. We haven’t seen any new malicious messages since 4:30 a.m. ET.”

“We continue to actively investigate this attack and will update our community with any relevant new information. Our preliminary analysis shows that the attack had a limited impact. We are currently aware of less than 10 affected wallets and stolen items worth less than 10 ETH,” said Mack.

OpenSea has made no statement as to how the channel was hacked, but as we explained in December, one entry point for this style of attack is the webhooks feature that organizations often use to control the bots that post messages in their channels. If a hacker gains access to or compromises an authorized person’s account, they can use it to send a message and/or URL that appears to come from an official source.
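A defensive check for the webhook and bot path described above, as an added example (not from the original article or from OpenSea): it flags automated posts that link outside an allowlist, including lookalike hosts that merely start with a trusted name. The allowlist and sample messages are constructed assumptions; `webhook_id` and `author.bot` are fields of Discord's message object.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host this server's bots and webhooks may link to.
ALLOWED_HOSTS = {"opensea.io"}
URL_RE = re.compile(r"https?://[^\s<>()\"']+", re.IGNORECASE)

def host_allowed(host, allowed=ALLOWED_HOSTS):
    """True if host is an allowed host or a true subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)

def is_automated(msg):
    """Webhook posts carry webhook_id; bot users have author.bot set."""
    return bool(msg.get("webhook_id")) or bool(msg.get("author", {}).get("bot"))

def flag_messages(messages, allowed=ALLOWED_HOSTS):
    """Return (message id, offending hosts) for automated posts linking off the allowlist."""
    findings = []
    for msg in messages:
        if not is_automated(msg):
            continue
        hosts = []
        for url in URL_RE.findall(msg.get("content", "")):
            try:
                host = urlsplit(url.rstrip(".,!?")).hostname or ""
            except ValueError:  # malformed URL: report it rather than skip it
                host = url
            if not host_allowed(host, allowed):
                hosts.append(host)
        if hosts:
            findings.append((msg["id"], hosts))
    return findings

# Constructed sample messages in the shape of Discord message objects.
SAMPLE = [
    {"id": "1", "author": {"bot": True}, "webhook_id": "900",
     "content": "New drop details: https://opensea.io/blog/announcements"},
    {"id": "2", "author": {"bot": True}, "webhook_id": "900",
     "content": "@everyone 100 free mint passes! https://mint-pass.example/claim"},
    {"id": "3", "author": {"bot": True},
     "content": "Official: https://opensea.io.claim-now.example/mint"},
    {"id": "4", "author": {"bot": False},
     "content": "is https://mint-pass.example/claim legit?"},
]

if __name__ == "__main__":
    for message_id, hosts in flag_messages(SAMPLE):
        print(message_id, hosts)
```

A check like this only covers automated posts; a message sent from a compromised staff account would need the same link rule applied to human authors in announcement channels.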

Recent attacks include one that stole $800k of blockchain trinkets from the “Rare Bears” Discord, and the Bored Ape Yacht Club announced on April 1 that its channel had been compromised. On April 25, the BAYC Instagram served as the channel for a similar heist that grabbed more than $1 million worth of NFTs simply by sending a phishing link.
