- The attacker gained access to the server’s management panel through webhooks.
- On-chain data reveals 13 wallets believed to have been hacked.
OpenSea, a marketplace for non-fungible tokens (NFTs), was breached by hackers who made false announcements about a Youtube collaboration on the channel’s main Discord.
Fear of Missing Out
A screenshot released on Friday shows fake news about a partnership with a phishing site. Additionally, Friday morning, OpenSea Support’s official Twitter account stated that the marketplace’s Discord server had been infiltrated and cautioned customers not to open links in the channel.
As stated in their first release, the hacker claimed that OpenSea and YouTube had “partnered with YouTube to bring their community into the NFT Space.” According to the announcement, a mint pass with OpenSea will also be released, which would enable holders to mint their project for free.
It looks that the intruder was able to remain on the server for a long time before the OpenSea crew could retake control of the server. By posting follow-ups to a bogus notification, reiterating a fake link, and saying that 70 percent of the supply had already been mined, hacker attempts to create fear of missing out among victims.
OpenSea customers were also enticed by the scammer’s promise of crazy utilities if they claimed the NFTs. They’re making the usual fraudulent claim that this offer is unique and that there will be no further participation rounds. On-chain data reveals 13 wallets believed to have been hacked, with Founders pass valued at $8,982.58 is the most valuable stolen NFT.
According to early reports, the attacker gained access to the server’s management panel through webhooks. Other programs can obtain real-time data through a webhook or a server plugin. Because they allow messages to be sent from official server accounts, webhooks have become a popular attack method for hackers.