OpenSea, the popular marketplace for non-fungible token (NFT) projects, has reportedly fallen victim to a hack, with attackers promoting a scam within OpenSea’s Discord server.
“We are currently investigating a potential vulnerability in our Discord, please do not click on any links in the Discord,” tweeted OpenSea on Friday.
Do not click links in our Discord.
We are continuing to investigate this situation and will share information as we have it. https://t.co/jgtHcXifer
— OpenSea Support (@opensea_support) May 6, 2022
Inside OpenSea’s Discord server, the support team has issued similar statements. Members within the specific channel for reporting scams occurring within the server also shared screenshots of this specific scam. The screenshot shows an OpenSea bot announcing that “YouTube is officially partnering with [OpenSea] to bring their community into the NFT space.”
Security firm PeckShield also reported on the issue, saying that OpenSea’s Discord server has been exploited to promote a scam NFT mint.
According to screenshots shared by another Twitter user, hackers posted an announcement about an NFT mint pass offered in partnership with YouTube.
PeckShield has identified the link in the announcements channel as a phishing site. It’s not immediately clear if there are any users who fell victim to the attack.
Decrypt reached out to both OpenSea and PeckShield for more comments on the matter and will update this story accordingly should we hear back.
Exploits targeting NFTs
This is not the first time hackers have targeted NFT-related Discord servers.
Last month, Bored Ape Yacht Club’s (BAYC) Discord channel was compromised by a phishing attack, resulting in ApeCoin, the governance token for the Bored Ape community, plummeting by more than 8%.
Later that same month, the BAYC’s official Instagram account was compromised as well, as users who fell for the scam had their NFTs stolen.
The best of Decrypt straight to your inbox.
Get the top stories curated daily, weekly roundups & deep dives straight to your inbox.