Posted on May 8, 2022 at 6:54 AM
The OpenSea was confirmed hacked on Friday after hackers broke in and stole at least $18,000 worth of NFT via a phishing attack. OpenSea is presently the largest NFT marketplace in the world. It goes to show that no platform can be confirmed 100% safe from the exploits of threat actors.
The official OpenSea Support Twitter page confirmed the hacking incident, noting that there was a vulnerability in the Discord service of the marketplace on Friday.
The hackers deceived gullible users by announcing that OpenSea had collaborated with YouTube to “bring their community into the NFT space.” Further, the post highlighted that the partnership will include the release of 100 “YouTube Genesis Mint Passes” that will allow the holders easily mint collaborative projects at no cost.
The hackers ended the post with a link to a bogus minting website to deceive users into carrying out a transaction that will enable the hacker easily transfer their NFTs out of their wallets. According to blockchain security company PeckShield, the attackers linked the URL to “youtubenft[.]art”, a phishing site that is no longer available.
More scammers are now exploiting NFT traders who want to take advantage of “airdrops”. The threat actors are exploiting the heavy attraction of airdrops to steal funds from unsuspecting users. It is done in such a way to prevent any form of suspicion either from the users or the exploited platform.
It is very common for announcements about airdrops in the crypto and NFT space. With the nature of the blockchain, many users do not mind clicking on the promotional link first and considering the consequences later.
Scammers Take Advantage Of The Boom In NFTs
Apart from the rush to collect rare items that may be of more value later, there is the general notion that delaying can make NFT minting during a rush more expensive and much slower. As a result, many users prefer registering their interest in a new NFT item even when they have not considered the risk involved. As a result, those who keep cryptocurrency or NFT in their wallets before connecting to the internet will be risking those funds. Once the login details are exposed, it doesn’t take too long before their funds are wiped clean from their accounts.
OpenSea spokesperson, Allie Mack, while confirming the incident, stated that the threat actors succeeded in posting malicious links on several of OpenSea’s Discord channels.
He however added that the security team was able to discover the malicious links shortly after they were posted and acted swiftly to prevent more issues. The spokesperson noted that the malicious bots and accounts have been removed and every of the platform’s Discord channels is now safe.
The community has also been informed of measures they need to take to prevent any further impact of the attack. The spokesperson noted that no new malicious posts have been seen since the first ones were deleted on Friday.
The preliminary investigation shows that the attack had a minimal impact, as only less than 10 wallets were affected, with stolen funds amounting to bless than 10 ETH.
“We continue to actively investigate this attack, and will keep our community apprised of any relevant new information,” Mack added.
Other NFT Platforms Have Suffered Similar Attacks
OpenSea has not stated how the channel was hacked. However, in several other similar attacks, one basic entry point is usually through the webhooks feature that firms use to control the bots in the channels.
If a threat actor compromises or gains access to the account of an authorized user, they can easily use the account to send a URL or a message, making it seem like the message is coming from an official source.
Recently, a similar attack involves the theft of $800,000 worth of blockchain trinkets from the “Rare Bears” Discord. On April 1, it was the turn of the Bored Ape Yacht Club. The Instagram account of the BAYC was used as a channel for the hacking incident which stole more than $1 million worth of NFTs after the attacker sent out a phishing link through the channel.
The latest attack on OpenSea seems that the threat actors were able to conceal their presence in the server for some time before the platform regained control of the account. The latest incidence is evidence that attackers are showing more interest in crypto and NFT platforms. They are increasingly exploring vulnerability and taking advantage of the anonymous nature of blockchain transactions.