"We are currently investigating a potential vulnerability in our Discord, please do not click on any links in the Discord," tweeted OpenSea on the matter.
It appears that the access was used to promote a scam NFT mint. According to screenshots, an announcement was made in the Discord server that there was a mint pass being offered in collaboration with YouTube. It directed members to go to a website that contained the word YouTube but was not its official website. PeckShield has identified the link as a phishing site.
The scam message was shared in the announcements channel. This channel has now been hidden from users.
Following the publication of the story, OpenSea confirmed the exploit, stating that an attacker was able to post malicious links in several of its Discord channels. OpenSea managed to remove the messages and accounts and informed its community not to click the links.
OpenSea said that it was aware of fewer than 10 wallets that were impacted and that some items were stolen, adding up to a total value of less than 10 ETH ($27,000).
This follows similar attacks in the NFT space, where Discord servers are often hacked to promote fake giveaways. This happened to Bored Ape Yacht Club's Discord server. More recently, the Bored Ape Instagram account was also hacked to promote a fake NFT mint — one that gleaned $2.8 million of NFTs from unwitting users.
We have updated this story with a comment from OpenSea.
© 2022 The Block Crypto, Inc. All Rights Reserved.