OpenSea, the non-fungible token (NFT) market, has again suffered a cyberattack. This time it involved Discord, where a massive phishing attack was carried out against several users who clicked on a link to claim a supposed free NFT.
In the early hours of May 6, the company’s official Discord channel was hacked and a false announcement was posted about an alleged association between OpenSea and YouTube, in which they were giving away 100 NFTs to the first users who clicked on a link to claim the prize.
Supposedly, the “YouTube Genesis Mint Pass” link allowed users to obtain the tokens, which would have a “great utility” and could not be claimed later. Faced with the tempting offer posted on the official Discord channel, many users clicked. Unfortunately, it was a phishing campaign that the hackers ran after taking control of the account.
Following the incident, OpenSea alerted its followers on its verified Twitter account not to click on any links in its Discord channel and said that it was investigating the situation.
“Don’t click on links on our Discord. We are continuing to investigate this situation and will share information as we have it.”
Although the malicious free-NFT link and others placed on OpenSea’s Discord channels were up for a considerable time, according to Xataka fewer than 10 wallets were affected with stolen items, for an amount of less than 10 ETH (about 27 thousand US dollars).
At the time of the attack, a total of 13 NFTs were transferred from five sources, which OpenSea classified as suspicious activity.
The link redirected victims to “youtubenft.art”. In these cases, always hover over a link before clicking to see the address it points to. If the address looks strange or does not end the way it usually would, in this case “.com”, it is best not to open it because it could be a phishing site.
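The same address check can be automated for links posted in a chat message. The following is an added example, not code from OpenSea or Discord: it extracts the hostname of every link-like token and compares it with an allowlist, matching on whole domain labels because a substring test would accept “youtubenft.art” for containing “youtube”. The allowlist entries and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains the announcement's claimed partners really use.
OFFICIAL_DOMAINS = {"opensea.io", "youtube.com"}

# A plausible hostname: dot-separated labels, final label at least 2 chars.
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z0-9-]{2,}")


def hostname_of(token):
    """Return the lowercased hostname of a link-like token, else None."""
    token = token.strip("\"'“”()<>.,!?")
    if "://" not in token:
        token = "https://" + token  # bare domains such as youtubenft.art
    try:
        host = urlsplit(token).hostname
    except ValueError:
        return None
    return host if host and HOST_RE.fullmatch(host) else None


def is_official(host):
    """Exact match or true subdomain of an allowlisted domain."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def review_message(text):
    """Return (hostname, verdict) for each link-like token in a message."""
    results = []
    for token in text.split():
        host = hostname_of(token)
        if host:
            verdict = "official" if is_official(host) else "unrecognised"
            results.append((host, verdict))
    return results


# Constructed sample, modelled on the fake announcement described above.
SAMPLE = ('We partnered with YouTube! Claim your "YouTube Genesis Mint Pass" '
          'at youtubenft.art before it is gone. Details: https://opensea.io/blog')

if __name__ == "__main__":
    for host, verdict in review_message(SAMPLE):
        print(f"{host:20} {verdict}")
```
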
According to The Verge, the messages posted on the official OpenSea Discord are no longer available and the phishing site is down.
After the incident, the NFT platform pointed out that the majority of fraud and phishing attacks happen through private messages. It also recommended being careful with friend requests.
“The most popular Discord servers on web3 have direct messages disabled by default. But be on the lookout for new friend requests in existing conversations (they may be from compromised users).”
Third, it said that it does not advise clicking on unknown links or downloading unexpected files. “This advice is as old as the Internet but is just as relevant to web3. Clicking on either of these is compromising the device and personal information.”
It said that receiving 2FA codes via SMS is a potential risk vector if your phone’s SIM card has been compromised. “It’s best to use a timestamp-based method of 2FA with apps like Google Authenticator.”
Finally, OpenSea advises using multiple accounts and electronic devices. It said that multiple Discord accounts can now be managed on a single gadget. It also said that only one device can be used for Discord. “For example, you can install Discord on an older smartphone and log into your Discord account through your browser.”
Rachel Maga is a technology journalist currently working at Globe Live Media agency. She has been in the Technology Journalism field for over 5 years now. Her life’s biggest milestone is the inside tour of Tesla Industries, which was gifted to her by the legend Elon Musk himself.