OpenSea, the leading marketplace for nonfungible tokens, or NFTs, said Friday that it is “actively investigating” a breach of its main Discord channel.
“Do not click links in our Discord,” the company tweeted. “We are continuing to investigate this situation and will share information as we have it.”
The hackers posted a notice of a fake YouTube partnership announcement that included a link to a phishing site.
OpenSea said in a statement that “an attacker was able to post malicious links in several of our Discord channels.”
“We noticed the malicious links soon after they were posted and took immediate steps to remedy the situation, including removing the malicious bots and accounts,” the company said. “We also alerted our community via our Twitter support channel to not click any links in our Discord. We have not seen any new malicious posts since 4:30am ET.”
The company said a preliminary investigation indicated the attack had “limited impact.”
“We are currently aware of fewer than 10 impacted wallets and stolen items amounting to less than 10 ETH,” the statement said. “We continue to actively investigate this attack, and will keep our community apprised of any relevant new information.”
Ethereum prices were down about 2% to $2,701.54, at last check.
‘A Simple Phishing Attack’
Kate Kurbanova, Co-founder and COO of the risk management platform Apostro, said the OpenSea Discord hack is “a simple phishing attack, probably one of the admins got hacked or added a malicious bot by mistake – or even the bot itself was exploited.”
“The malicious bot got admin rights to post in the announcement channel and posted links to the phishing website,” she said. “It’s a pretty common vector of attack – the best way to prevent it is by securing admin accounts with 2FA (two-factor authentication) and similar practices, as well as monitoring all managing bots and rights once every couple of weeks.”
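A minimal sketch of the periodic bot-rights review mentioned above, added here as an illustration (not code from OpenSea, Apostro or Discord). It runs over a constructed guild snapshot shaped like Discord API guild, role and member objects, and considers only guild-level role permissions, not per-channel overwrites.

```python
import json

# Discord permission bit flags worth reviewing when a bot account holds them.
RISKY = {
    "ADMINISTRATOR": 1 << 3, "MANAGE_GUILD": 1 << 5,
    "MENTION_EVERYONE": 1 << 17, "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}

# Constructed sample snapshot (hypothetical names and ids), not real data.
GUILD = json.loads("""{
  "id": "100", "mfa_level": 0,
  "roles": [
    {"id": "100", "name": "@everyone", "permissions": "1024"},
    {"id": "201", "name": "Announcer", "permissions": "8"},
    {"id": "202", "name": "Ticketing", "permissions": "268437504"}
  ],
  "members": [
    {"user": {"id": "1", "username": "helper-bot", "bot": true}, "roles": ["201"]},
    {"user": {"id": "2", "username": "ticket-bot", "bot": true}, "roles": ["202"]},
    {"user": {"id": "3", "username": "alice", "bot": false}, "roles": ["201"]}
  ]
}""")

def effective_permissions(member, guild):
    """OR together @everyone and every role the member holds (guild level)."""
    roles = {r["id"]: int(r["permissions"]) for r in guild["roles"]}
    perms = roles.get(guild["id"], 0)  # the @everyone role id equals the guild id
    for role_id in member["roles"]:
        perms |= roles.get(role_id, 0)
    return perms

def audit(guild):
    """Return findings: missing moderator 2FA and bots with risky permissions."""
    findings = []
    if guild.get("mfa_level", 0) == 0:  # 0 = no 2FA requirement for moderation
        findings.append(("guild", "2FA not required for moderation actions"))
    for m in guild["members"]:
        if not m["user"].get("bot"):
            continue  # human admins are covered by the 2FA requirement check
        perms = effective_permissions(m, guild)
        held = [name for name, bit in RISKY.items() if perms & bit]
        if held:
            findings.append((m["user"]["username"], ", ".join(held)))
    return findings

if __name__ == "__main__":
    for subject, issue in audit(GUILD):
        print(f"{subject}: {issue}")
```

Comparing the findings between runs shows when a bot gains a permission it did not have at the previous review.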
“Bruhh wen this hak will stop @elonmusk you should buy @discord too lol,” commented one person, referring to Tesla (TSLA) CEO Elon Musk’s $44 billion deal to acquire Twitter (TWTR).
This is not the first time OpenSea has been the victim of a hack.
In February, OpenSea said it was investigating a scam targeting users of its NFT platform.
The hacker(s) stole several NFTs and had already sold a few for ethereum worth $1.7 million, according to CEO Devin Finzer.
OpenSea began accepting ApeCoin, the main token for the Bored Ape Yacht Club ecosystem and the main currency required in the metaverse game experience Otherside.
In January, OpenSea raised $300 million in new venture funding, led by venture capital firms Paradigm and Coatue, valuing the company at $13.3 billion.