OpenSea, the largest and most popular NFT platform in the world, said Friday that they were investigating a “potential vulnerability” in their Discord channel, asking users not to click on any links. The breach was promptly confirmed by multiple tweets from OpenSea Discord channel members.
The attack somewhat resembled a recent hack of the Bored Ape Yacht Club Instagram account, in which the attacker gained access to the account and began posting fraudulent links. Neither BAYC nor OpenSea has yet shared how its account was breached.
Upon gaining access to the OpenSea Discord, the attackers fashioned a rogue bot and started publishing fake posts informing users that OpenSea was partnering with YouTube to “bring their community into the NFT Space.” According to the fraudulent posts, people could now grab a free “mint pass” that would “allow holders to mint their project for free” and carry other “insane utilities.”
The scam itself sounded suspicious enough for most users to be wary of clicking, but the attackers then started reposting the same content, adding that the majority of the “free mint passes” were already gone, and eventually, some users did report lost NFTs.
At the time of writing, at least two NFTs have been labeled as “reported for suspicious activity.”