The leading NFT marketplace, OpenSea, is under attack, as hackers compromised the platform’s Discord server. OpenSea is investigating a potential vulnerability, and has warned users to not click any links published on its Discord for now.
The platform’s Discord channel was hacked in order to promote a scam which appeared just hours ago on Friday, according to various reports on Twitter.
As seen in the screenshot, the hackers published a fake “important announcement”, which advertised a fraudulent OpenSea partnership with Youtube, and the upcoming release of a limited edition NFT minting pass, of which there would only be 100 copies.
The message stated that pass holders would be able to mint NFTs for free. However, prior to that, they would be required to mint the Youtube Genesis Mint Pass by clicking the provided link.
The URL address was later confirmed to be a link to a phishing site. Blockchain security company PeckShield warned users not to open it.
The company warned users: “Scammers may steal your private key, trick you into giving them token approval or buying scam tokens, etc. Please, stay away from it!”
OpenSea itself has not shared any comments on how exactly their Discord server was compromised. The platform’s support team merely stated that they were investigating a potential vulnerability in Discord, and asked users not to click any links in the OpenSea Discord server. In the meantime, the Discord channel, where the fake messages were posted, has been temporarily closed for users.
NFT scams have become a hot topic in the crypto space. Social media accounts of trusted NFT and cryptocurrency projects are often compromised to promote fake token airdrops or NFT minting.
A few weeks ago, the Bored Ape Yacht Club suffered hacks on their official Instagram and Discord accounts which attempted to lure users to NFT phishing websites. At least 54 BAYC NFTs were stolen during the attack.