OpenSea, probably the most famous non-fungible token (NFT) market platform, has being target of another cyberattack incident. This time, the hack involves its Discord server, where a massive phishing attack was carried out against several users who clicked on a link that led to claim a supposed free NFT.
Reports began during the early hours of May 6th, when several users noted that OpenSea’s official Discord channel published a fake announcement about an alleged partnership between the NFT market and YouTube; the post assured both companies were willing to give away 100 brand new NFTs to the first ones to click on the attached link.
This “YouTube Genesis Mint Pass” campaign (using the youtubenft.art web domain) supposedly allowed users to claim the free token, so several users rushed to click on this post. No surprise, this was a phishing campaign in which hackers were trying to take control of affected accounts and get cryptocurrency transfers.
After the company noticed the malicious activity, they posted a message through its official Twitter account, urging users not to interact with these messages: “Do not click on links in our Discord. We are continuing on investigate this situation and will share information as we have it”.
Last night, an attacker posted malicious links in several of our Discord channels. Our analysis shows the attack had limited impact: <10 wallets were impacted with stolen items amounting to <10 ETH.
We’ve not seen any new malicious