Another top NFT company has been hit by a phishing attack
If a message seems too good to be true, avoid clicking on any links it may contain
The official Discord channel of the NFT marketplace OpenSea was recently infiltrated by cybercriminals who used it to distribute a phishing link.
According to The Verge, a bot in the channel made a fake announcement that the NFT marketplace was partnering with YouTube and that users should click on a “YouTube Genesis Mint Pass” in order to get one of 100 free NFTs before they’re gone forever.
Just like cybercriminals often do in phishing emails, this message instilled a sense of urgency to get users to click on a link to a site that blockchain security company PeckShield has now flagged as a phishing site.
At the same time, as the NFT space tends to move rather quickly, users knew from past experience that they only had a limited time to claim one of the free NFTs and likely didn’t want to miss out.
Stolen NFTs
Although the malicious messages have been removed from OpenSea’s Discord channel and the phishing site has also been taken down, one user said they lost NFTs in the incident and pointed to an address on the blockchain that belonged to the cybercriminals responsible.
Viewing the address on Etherscan.io or on competing NFT marketplace Rarible shows that 13 NFTs were actually transferred to it from five users around the time of the attack, and based on their prices when last sold, all five NFTs appear to be worth just over $18k.
While OpenSea hasn’t yet explained how its Discord channel was hacked, one possible explanation is that the cybercriminals leveraged the webhook functionality that organizations utilize to control bots which make posts on their channels.
In a statement to The Verge, OpenSea spokesperson Allie Mack provided further details on how the company responded to the incident, saying:
“Last night, an attacker was able to post malicious links in several of our Discord channels. We noticed the malicious links soon after they were posted and took immediate steps to remedy the situation, including removing the malicious bots and accounts. We also alerted our community via our Twitter support channel to not click any links in our Discord. Our preliminary analysis indicates that the attack had limited impact. We are currently aware of fewer than 10 impacted wallets and stolen items amounting to less than 10 ETH.”
Whether you’re on Discord or Telegram, you should avoid clicking on suspicious links, especially in messages that try to instill a sense of urgency, to prevent falling victim to phishing attacks.
Via The Verge
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.