The list of hacks grows dangerously – The NFT met with significant enthusiasm from the second half of 2021. Since then, the platform Opensea positions itself as invincible leader in the sale of NFT. However, the repeated hacks and phishing continue to tarnish his image.
A phishing attack on the Opensea Discord
With its 2 to 4 billion dollars in monthly volume, Opensea has become the number 1 platform in the purchase and sale of NFT on Ethereum (ETH).
Obviously, this monopoly attracts its share of malicious users, determined to take advantage of this celebrity to extort users.
Thus, on May 6, the bot Discord Opensea official published a announcement surprisingly, to say the least:
“We have partnered with YouTube to bring their community into the NFT space and we are releasing a mint pass with them that will allow mint holders to participate in the project for free. »
Of course, the message is accompanied by a link referring to the site of ” partnership “. Unsurprisingly, this too-good-to-be-true ad is actually thework of a hacker.
Quickly, the Opensea Twitter account posted an announcement warning that the project’s official Discord had been hacked.
It looks like the Opensea teams have had a madly evil to recover the control of their server Discord. Indeed, the attacker had the leisure to publish his message several times, even trying to feed the FOMO (fear of missing out) stating that 70% of NFTs had been claimed.
A fairly classic phishing method
In practice, this attack is not very innovative. Indeed, the attacker’s link was to a website pretending to be YouTube.
On this, the user is invited to connect his wallet and sign a transaction. You know the song! This transaction is actually a type transaction setApprovalForAll allowing the attacker to take the control of NFTs held on the wallet.
According to the on-chain analysis, 13 NFTs have been stolen during this attack. Fortunately, the estimated value of these tokens only amounts to $20,000. A very meager loot, which demonstrates the increased vigilance of NFT holders in these times of repeated hacks.
However, this umpteenth breach at Opensea will undoubtedly tarnish his reputation. Indeed, this is the third time this year that Opensea has made the headlines in the specialized media because of hacks or phishing attacks. In January, 332 ETH in NFT had been stolen following a flaw in the Opensea interface. Rebelote in February, where several NFTs with a total value of 500 ETH had been stolen during a phishing attack.
Of course, Opensea is not the only project affected by these phishing attacks. In fact, the project Bored Ape Yacht Club suffered the same type of attack, after his Instagram account was hacked. Result : $2.8 million by NFT stolen !
Learn to distinguish lark mirrors. Caution and mistrust are required in the face of too good promises! Don’t take the bait and register on the KuCoin reference platform instead (affiliate link).