The phishing link that was posted claimed that OpenSea had partnered with YouTube to bring the latter’s community into the NFT space. It said that it would be releasing a “YouTube Genesis Mint Pass” that would allow for the generation of free NFTs.
Obviously, this was a bogus link hoping to get information from unwary users. Officials from the platform have not talked about the incident yet, and it is unclear if any users have actually lost assets. One user has said that he indeed lost one NFT, but there has been no official confirmation from the team.
The particular channel that the links were posted on seems to have been removed. Discussions are currently going on in the community about the incident, and a report from the team would offer a clearer picture.
As one user pointed out, anything can be used to gain access to a wallet, and it’s not the case that you need to offer passwords or private keys. Projects now have to contend with this threat of impersonation and need to monitor their socials 24×7.
NFTs Seem Like They Will Also Be Major Hacking Target
This is not the first time that hackers have targeted the social platforms of an NFT project. Bored Ape Yacht Club has seen both its Discord server and Instagram page hacked, which resulted in NFTs being stolen. Hackers are finding new ways to steal funds, and posting phishing links to trick holders by saying they can mint NFTs.
Indeed, this is not the first time that OpenSea itself has had its Discord targeted. Its server has seen attackers pose as support staff, asking users for account access by pretending to help them with issues.
Sadly, these kinds of attacks persist in the NFT space and some individuals continue to fall for it. The amount of funds flowing into NFT projects has made it a prime target for hackers, who clearly have had a lucrative time of it and so employ these tactics.
Source: Read Full Article