NewsNFTs

OpenSea Suffers Discord Exploit Promoting YouTube NFT Scam

The leading NFT marketplace OpenSea today confirmed it is investigating a potential vulnerability in its Discord server.

2 min read
OpenSea is the leading marketplace for NFTs. Image: Shutterstock

OpenSea, the popular marketplace for non-fungible token (NFT) projects, has reportedly fallen victim to a hack, with attackers promoting a scam within OpenSea’s Discord server.

"We are currently investigating a potential vulnerability in our Discord, please do not click on any links in the Discord," tweeted OpenSea on Friday.

Inside OpenSea's Discord server, the support team has issued similar statements. Members within the specific channel for reporting scams occurring within the server also shared screenshots of this specific scam. The screenshot shows an OpenSea bot announcing that "YouTube is officially partnering with [OpenSea] to bring their community into the NFT space."

Security firm PeckShield also reported on the issue, saying that OpenSea’s Discord server has been exploited to promote a scam NFT mint.

According to screenshots shared by another Twitter user, hackers posted an announcement about an NFT mint pass offered in partnership with YouTube.

PeckShield has identified the link in the announcements channel as a phishing site. It’s not immediately clear if there are any users who fell victim to the attack.

Decrypt reached out to both OpenSea and PeckShield for more comments on the matter and will update this story accordingly should we hear back.

Exploits targeting NFTs

This is not the first time hackers have targeted NFT-related Discord servers.

Last month, Bored Ape Yacht Club’s (BAYC) Discord channel was compromised by a phishing attack, resulting in ApeCoin, the governance token for the Bored Ape community, plummeting by more than 8%.

Later that same month, the BAYC’s official Instagram account was compromised as well, as users who fell for the scam had their NFTs stolen.

Stay on top of crypto news, get daily updates in your inbox.