Another Top NFT Company Has Been Hit By a Phishing Attack

The official Discord channel of the NFT marketplace OpenSea was recently infiltrated by cybercriminals who used it to distribute a phishing link.

According to The Verge, a bot in the channel made a fake announcement that the NFT marketplace was partnering with YouTube and that users should click on a “YouTube Genesis Mint Pass” in order to get one of 100 free NFTs before they’re gone forever.

Just like cybercriminals often do in phishing emails, this message instilled a sense of urgency to get users to click on a link to a site that that blockchain security company PeckShield has now flagged as a phishing site.

At the same time, as the NFT space tends to move rather quickly, users knew from past experience that they only had a limited time to claim one of the free NFTs and likely didn’t want to miss out.

Stolen NFTs

Although the malicious messages have been removed from OpenSea’s Discord channel and the phishing site has also been taken down, one user said they lost NFTs in the incident and pointed to an address on the blockchain that belonged to the cybercriminals responsible.

Viewing the address on or on competing NFT marketplace Rarible shows that 13 NFTs were actually transferred to it from five users around the time of the attack and based on their prices when last sold, all five NFTs appear to be worth just over $18k.

While OpenSea hasn’t yet explained how its Discord channel was hacked, one possible explanation is that the cybercriminals leveraged the webhook functionality  that organizations utilize to control bots which make posts on their channels.

In a statement to The Verge, OpenSea spokesperson Allie Mack provided further details on how the company responded to the incident, saying:

“Last night, an attacker was able to post malicious links in several of our Discord channels. We noticed the malicious links soon after they were posted and took immediate steps to remedy the situation, including removing the malicious bots and accounts.

We also alerted our community via our Twitter support channel to not click any links in our Discord. Our preliminary analysis indicates that the attack had limited impact. We are currently aware of fewer than 10 impacted wallets and stolen items amounting to less than 10 ETH.”

Whether you’re on Discord or Telegram, you should avoid clicking on suspicious links especially in messages that try to instill a sense of urgency to prevent falling victim to phishing attacks.

Anthony Spadafora

After getting his start at ITProPortal while living in South Korea, Anthony now writes about cybersecurity, web hosting, cloud services, VPNs and software for TechRadar Pro. In addition to writing the news, he also edits and uploads reviews and features and tests numerous VPNs from his home in Houston, Texas. Recently, Anthony has taken a closer look at standing desks, office chairs and all sorts of other work from home essentials. When not working, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Source: Another top NFT company has been hit by a phishing attack | TechRadar


More contents:

5 things you didn’t know Google Maps could do

Bypass VPN blocks and make yourself undetectable online

Sony weighs in on PS Plus subscription stacking – and you’re not going to like it

Meta’s Project Cambria price leaks and, spoiler alert, you’re not going to like it

Xbox Game Pass adds a feast of indie games

Get an alert when your data ends up on the dark web with the best identity theft protection

That NFT job offer is probably malware

More Remote Working Apps:     Quintex Capital   Genesis Mining   BevTraders  LiteTrading  prime stocks  content gorilla  stock rush  forrk  keysearch  gluten free  diet fitness diabetes  writing job  postradamus  stoodaio  profile mate  senuke   asin  appimize  super backdrop  audiencetoolkit  4brandcommercial  talkingfaces  socifeed  gaming jobs   backlink indexer  powrsuite  tubeserp  PR Rage  design beast  commission smasher  MT4Code System  viral dash  coursova  fanpage  forex expert  appointomatic  woocommerce  domainname  maxslides  ada leadz  eyeslick  creaitecontentcreator  vidcentric  studioninja  marketingblocks  clipsreel  VideoEnginePro  BarclaysForexExpert  Clientfinda  Talkingfaces  IMSyndicator  SqribbleEbook  superbackdrop  VirtualReel  MarketPresso  voiceBuddy  tubeTargeter  InstantWebsiteBundle  soronity  DFY Suite 3.0 Agency+ information  VideoRobot Enterprise  Klippyo Kreators  ChatterPal Commercial  WP GDPR Fix Elite Unltd Sites  EngagerMate  VidSnatcher Commercial  myMailIt  Storymate Luxury Edition  iTraffic X – Platinum Edition  Content Gorilla One-time  Push Button Traffic 3.0 – Brand New  SociCake Commercial  The Internet Marketing  Designa Suite License  XFUNNELS FE Commercial  ShopABot  Inboxr  MediaCloudPro 2.0 – Agency  MyTrafficJacker 2.0 Pro+  AIWA Commercial  Toon Video Maker Premium  Steven Alvey’s Signature Series  Fade To Black  Adsense Machine  Diddly Pay’s DLCM DFY Club  CourseReel Professional  SociJam System  360Apps Certification  LocalAgencyBox  Instant Website Bundle  GMB Magic Content  PlayerNeos VR

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: