OpenSea Carl Bot Discord Hack Fake YouTube NFT
OpenSea is one of the best known NFT marketplaces globally. They used the Carl Bot to assist with managing their Discord channel. Early in the morning on Friday, May 6th, their Discord channel was overtaken by Carl Bot and used to publish multiple phishing scam links, which announced a partnership with YouTube and encouraged users to mint rare NFTs with high utility. In the end, damages were reported at $26,903 USD. It's unclear if any of that has ever been recovered.
About Carl Bot
Discord is a social app that brings together like-minded people to discuss common interests[1]. Carl Bot is a digital assistant that can be added to a Discord server to manage tasks and automate various actions[1]. Carl-bot offers a wide range of features and benefits for role management, moderation, suggestions, automoderation, custom commands, welcome messages, and user engagement[2]. It allows server owners to preset welcome messages, assign roles based on reactions, create custom commands, log activities, and perform other useful functions[1].
Carl Bot can save time and help marketers automate basic tasks, freeing them up to focus on other activities[1]. The bot offers features such as reaction role assigning, custom tags for personalized messages, advanced automoderation to prevent rule violations, activity logging to keep track of server actions, and preset messages for welcome, farewell, and ban messages[1]. In terms of moderation, Carl-bot offers powerful tools. It logs various events such as deleted messages, edited messages, purged messages, Discord invite links, member updates, and server updates[2]. It allows for the customization of logging channels to reduce clutter[2]. The bot also provides moderation commands, modlogs, a "drama channel" for rule violations, sticky roles to prevent evasion, and the ability to manage roles in bulk[2].
Carl-bot offers welcome messages, farewell messages, and ban messages[2]. It can send separate DMs upon joining and supports embeds and variables for personalized messages[2]. Additionally, it provides user engagement features such as a starboard, timed messages with optional role pings, Twitch notifications, role mentions without making roles mentionable, postcount tracking, and user information like join date and nickname history[2]. With its automod capabilities, Carl-bot can enforce rules related to bad links, spam, attachments, mentions, and inappropriate language. It allows customization of punishments and rate limits per rule, and can even delete certain file formats or enforce media-only channels[2]. Whitelisting roles and channels is also supported to exempt them from rule enforcement[2].
The bot supports powerful custom commands with variables, random lists, and the ability to create complex interactions[2]. Users can share their custom commands with others and execute commands with various options. Embeds are also supported[2]. Installing Carl Bot is a straightforward process, and it provides powerful automation features to enhance the Discord server management experience[1].
About OpenSea
"The world’s first and largest digital marketplace for crypto collectibles and non-fungible tokens (NFTs). Buy, sell, and discover exclusive digital items." "Discover, collect, and sell extraordinary NFTs. OpenSea is the world's first and largest NFT marketplace."
"As the first and largest marketplace for Non-Fungible Tokens and Semi-Fungible Tokens, OpenSea provides a first-in-class developer platform consisting of an API, SDK, and developer tutorials. Feel free to browse around and get acclimated with developing smart contracts and interacting with NFT data."
"Fascinated by the [CryptoKitties] movement that was forming, Devin Finzer and Alex Atallah joined early adopter communities in Discord and started talking to users. With the OpenSea beta launch in December 2017, the first open marketplace for any non-fungible token on the Ethereum blockchain was born."
"Valued at $13 billion in a recent funding round, OpenSea has become one of the most valuable companies of the NFT boom, providing a simple interface for users to list, browse, and bid on tokens without interacting directly with the blockchain."
New Partnership With YouTube
On May 6th, a new announcement appeared simultaneously on several OpenSea Discord servers.
"Important announcement: We have partnered with YouTube to bring their community into the NFT Space, and we're releasing a mint pass with them that will allow holders to mint their project for free along with getting other insane utilities for being a holder of it. You are able to get this mint pass below for 100% free. There will only be 100 of these however, once they are gone they won't be coming back and you will have to purchase off the Opensea market place. Congratulations to those who get one. You can mint the YouTube Genesis Mint Pass here for free: https://youtubenft.art/"
The Reality
"Several Discord servers for the NFT marketplace OpenSea were hacked Thursday night by a scammer promoting a fake project, the company said."
"Around 4:30AM ET on Friday [May 6th], the official Discord channel for OpenSea, the world’s largest NFT marketplace, joined the growing list of NFT communities that have exposed participants to phishing attacks." "A partnership with a site as large as YouTube would almost surely increase traffic, but OpenSea has not made any such announcements yet."
"The hacker's initial post, which was published in the announcements channel, claimed that OpenSea had “partnered with YouTube to bring their community into the NFT Space." It also said that they would c-release a mint pass with OpenSea that would allow holders to mint their project for free." "A screenshot shared Friday shows fake collaboration news, accompanied by a link to a phishing site."
"In this case, a bot made a fake announcement about OpenSea partnering with YouTube, enticing users to click on a “YouTube Genesis Mint Pass” link to snag one of 100 free NFTs with “insane utility” before they’d be gone forever, as well as a few follow-up messages. Blockchain security tracking company PeckShield tagged the URL the attackers linked, “youtubenft[.]art” as a phishing site, which is now unavailable."
"The spam messages originate from something called "Carl-Bot". Discord channels typically make use of bots for low-level admin duties, general assistance and so on. Carl-Bot itself is a common sight across Discord, with lots of time saving features. Sadly, spamming phish links is not supposed to be one of them." "If Carl-Bot was present in the channel prior to the compromise, its purpose has been changed and not for the better."
Negative Reviews About Development Team
A wide range of reviews speak positively about the bot but negatively about the team managing it[3][4].
What Happened
Date | Event | Description |
---|---|---|
May 5th, 2022 3:40:05 PM MDT | Attacker Wallet First Set Up | The attacker first funds their wallet with a transfer of 0.072723306001490828 ETH[5]. As this happened more than 9 hours prior to the attack starting, these are likely the attacker's own funds. |
May 6th, 2022 2:09:49 AM MDT | Transfer of Cryptoboson NFTs | The attacker successfully transfers Cryptoboson's Little Nightmares NFTs #1, #2, #3, and #4[6], all within the same block[7]. |
May 6th, 2022 2:19:20 AM MDT | LackingTalent Tweets OpenSea Phishing Attack | LackingTalent shares a screenshot of the OpenSea Discord channel with the phishing list present[8]. |
May 6th, 2022 2:34:00 AM MDT | Serpent Twitter Warning | Twitter user Serpent posts a warning on Twitter with a screenshot of the phishing attempt[9]. |
May 6th, 2022 2:36:38 AM MDT | Transfer of NFTInit Founders NFT | The final NFT taken by the attacker[7] is transferred[10]. |
May 6th, 2022 2:43:00 AM MDT | OpenSea Posts Twitter Update | OpenSea announces that they are "currently investigating a potential vulnerability in our Discord" and "please do not click on any links in the[ir] Discord"[11]. |
May 6th, 2022 2:44:00 AM MDT | Wu Blockchain Tweeting Phishing | Wu Blockchain tweets about the attack and a screenshot of the phishing attack[12]. |
May 6th, 2022 3:17:00 AM MDT | Peckshield Alert Posted | Peckshield posts an alert to Twitter along with screenshots of the hacked Discord account[13]. "#PeckShieldAlert #phishing @opensea discord is exploited, youtubenft[.]art is the phishing site. Do *NOT* fall prey to it!" |
May 6th, 2022 3:42:01 AM MDT | The Block Publishes Article | The Block reports that OpenSea's Discord server was hacked to promote a scam involving an NFT mint pass, according to reports and tweets from users and security firm PeckShield. OpenSea acknowledged the incident and stated that it was investigating a potential vulnerability in its Discord. The scam message advertised a collaboration with YouTube and directed users to a phishing website disguised as YouTube's official site. The announcement was made in the announcements channel, which has now been hidden. OpenSea confirmed that fewer than 10 wallets were impacted, resulting in the theft of items valued at less than 10 ETH ($27,000). Similar attacks targeting Discord servers have been observed in the NFT space, including the recent hacking of the Bored Ape Yacht Club's Discord server and Instagram account[14]. |
May 6th, 2022 3:58:48 AM MDT | Finbold Article Published | Finbold reports that OpenSea fell victim to a hack in its Discord channel. The hackers posted a fake announcement claiming a partnership with YouTube and offering a limited number of free mint passes for an NFT project. The announcement included a link to a phishing site. OpenSea has not made any official partnership announcements with YouTube. The hackers also altered the Discord channel to show that 80% of the mint passes had been sold. Similar hacks targeting NFT communities have occurred in the past, including the Bored Ape Yacht Club Discord channel. OpenSea is investigating the incident and has hidden the affected channel from users[15]. |
May 6th, 2022 4:21:00 AM MDT | OpenSea Twitter Warning | A tweet by OpenSea notes that they are "continuing to investigate this situation and will share information as we have it", and recommends users to "not click links in [thei]r Discord"[16]. |
May 6th, 2022 4:35:00 AM MDT | BoredBrosCom Reports Two NFTs Stolen | Twitter user BoredBrosCom (later renamed to BoredMetaverse) reports that two of their NFTs have been stolen in the attack[17]. They include links to Pine Pieces Genesis NFTs #137[18] and #138[19] on OpenSea. |
May 6th, 2022 5:31:24 AM MDT | Business Today Article | Business Today reports that the Discord server of OpenSea, a popular NFT marketplace, was hacked, according to a tweet from the platform. OpenSea acknowledged the incident and stated that they were investigating the vulnerability. Users were warned to exercise caution and avoid clicking on any links. The issue was initially flagged by several users on Twitter, including a crypto influencer known as Serpent. Cybersecurity firm Peck Shield also identified the vulnerability. The hackers utilized the hack to promote a scam NFT mint, announcing a partnership with YouTube and redirecting users to a phishing site disguised as YouTube. The fraudulent activity has been confirmed by PeckShield[20]. |
May 6th, 2022 5:51:07 AM MDT | CoinTelegraph Article Published | CoinTelegraph publishes an article about the attack[21]. "The hacker's initial post, published in the announcements channel, claimed that OpenSea had “partnered with YouTube to bring their community into the NFT Space." It also said that they would c-release a mint pass with OpenSea that would allow holders to mint their project for free." "It appears that the intruder was able to stay on the server for a considerable length of time before OpenSea staff was able to regain control." "On-chain data shows 13 wallets that seem to have been compromised as of writing, with the most valuable stolen NFT being a Founders' Pass worth around 3.33 ETH or $8,982.58.[22]" |
May 6th, 2022 7:07:13 AM MDT | FXEmpire Article Published | FXEmpire publishes an article reporting that Opensea, a popular NFT marketplace, has confirmed that its Discord server was hacked, leading to spambots posting links to limited YouTube NFTs. The hack was verified by blockchain security accounts PeckShieldAlert and Serpent. The hackers used a phishing website titled "yoytubenft.art" to trick users into thinking the NFTs were limited and valuable. Opensea warned users not to click on any links in their Discord server and stated that they are investigating the situation. This is not the first time Opensea has experienced a hack, as earlier this year, users lost approximately $1.7 million worth of NFTs in a phishing attack. The incident follows similar hacks on social media accounts of NFT projects like the Bored Ape Yacht Club. Investors are urged to be cautious and differentiate between fake and genuine announcements to protect themselves from scams[23]. |
May 6th, 2022 7:14:00 AM MDT | The Verge Article Published | The Verge publishes an article about the attack. It lists some high level details about the attack, the time of the attack as "4:30am ET", and provides some links to find additional information[24]. |
May 6th, 2022 8:23:42 AM MDT | Vice News Article Published | Vice News reports that scammers hacked the official Discord server of OpenSea, a popular NFT marketplace, and tricked users into visiting a fake website that resembled YouTube. The scam message advertised a "YouTube Genesis Mint Pass" and directed users to a website called "youtubenft.art." Some users reported that their NFTs were stolen as a result. The stolen NFTs were transferred to a wallet address, along with a small amount of ETH. OpenSea's support Twitter account confirmed the potential vulnerability and urged users not to click on any links in the Discord. This incident adds to a series of hacks and scams targeting Discord, including previous attacks on major crypto projects and blue-chip NFT collections like Bored Ape Yacht Club[25]. |
May 6th, 2022 10:45:00 AM MDT | Fortune Article Published | Fortune publishes an article that "[n]ot even crypto’s biggest names are safe as NFT marketplace OpenSea’s Discord channels infiltrated by a hacker promoting a scam drop"[26]. |
May 6th, 2022 11:51:55 AM MDT | Decrypt Article Published | Decrypt publishes an article with some further details[27]. Attackers used the exploit to promote a scam within OpenSea's Discord server, claiming a partnership with YouTube for an NFT project. Screenshots of the scam were shared, showing the announcement of a mint pass offered in collaboration with YouTube. Security firm PeckShield confirmed the exploit and identified the link as a phishing site. At that time, it was reportedly unclear if any users were affected by the attack, and OpenSea was actively investigating the situation. |
May 6th, 2022 | MalwareBytes Blog Post | MalwareBytes publishes a blog post about the exploit. OpenSea, the leading marketplace for NFTs, has experienced a security issue in its Discord support channel, where spambots posted phishing links. OpenSea Support warned users not to click any links in the Discord due to a potential vulnerability. The spam messages originated from a bot called "Carl-Bot," which is commonly used for administrative tasks. However, in this case, it was being used to promote a fake partnership with YouTube and a limited-time NFT minting offer. The scam aimed to take advantage of FOMO (fear of missing out) and the growing interest in NFTs. The scam site associated with the phishing attempt has been blocked by security software. To protect against such scams, users are advised to exercise caution, use 2FA and a password manager, and safeguard their cryptocurrency by keeping private keys and recovery phrases offline[28]. |
May 20th, 2022 1:00:18 AM MDT | Mentioned In MEE6 Article | The situation received honourable mention in an article about the MEE6 hack[29]. |
May 30th, 2022 10:12:00 AM MDT | Mentioned In NFTherder Summary | The situation is included in the summary list provided by NFTherder[30]. |
Technical Details
[31] TBD blockchain exploration into timeline.
"Initial reports suggest that the intruder used webhooks to access server controls. A webhook is a server plugin that allows other software to receive real-time information. Webhooks have been used increasingly as an attack vector by hackers because they provide the ability to send messages from official server accounts."
Total Amount Lost
"[H]ackers stole a relatively smaller bounty of $26,903." "On-chain data shows 13 wallets that seem to have been compromised as of writing, with the most valuable stolen NFT being a Founders' Pass worth around 3.33 ETH or $8,982.58."
Several NFTs were taken by the attacker throughout the incident[7].
- Cryptoboson's Little Nightmares #1
- Cryptoboson's Little Nightmares #2
- Cryptoboson's Little Nightmares #3
- Cryptoboson's Little Nightmares #4[6]
- Coniun Pass: CPASS Token
- Unemployables: UNE Token
- Pine Pieces Genesis #136
- Pine Pieces Genesis #137
- FortuneDao #111[32]
- FortuneDao #184[33]
- The Otherside: OTHR Token
- NFTinit Founders: INIT Token[10]
The total amount lost has been estimated at $27,000 USD.
Immediate Reactions
"The issue came to light when several users flagged the matter on Twitter. Crypto influencer, who goes by the name Serpent on Twitter, flagged the issue first." "The breach was first publicized on Twitter by "Serpent," the pseudonymous developer of Sentinel, which is software for detecting Discord hacks aimed at crypto investors." "An OpenSea spokesperson said in a statement to Fortune that the company has taken actions against the scammer or scammers and hasn’t seen any malicious posts since 4:30 a.m. ET. Less than 10 digital wallets were affected, and the NFTs stolen were worth less than 10 Ether, or about $26,903, as of Friday, they added."
"We are currently investigating a potential vulnerability in our Discord, please do not click on any links in the Discord," tweeted OpenSea on Friday. "Do not click links in our Discord. We are continuing to investigate this situation and will share information as we have it."
"PeckShieldAlert posted the image of the same website with an alert warning people of the possible attempt by hackers to steal their private key, tricking users into giving them token approval and/or buying scam tokens."
“We noticed the malicious links soon after they were posted and took immediate steps to remedy the situation, including removing the malicious bots and accounts. We also alerted our community via our Twitter support channel to not click any links in our Discord,” an OpenSea spokesperson said.
"OpenSea told Fortune that it was actively investigating the hack on its Discord and would keep its community updated with new information." In a statement to The Verge, OpenSea spokesperson Allie Mack confirmed the incident, saying, “Last night, an attacker was able to post malicious links in several of our Discord channels. We noticed the malicious links soon after they were posted and took immediate steps to remedy the situation, including removing the malicious bots and accounts. We also alerted our community via our Twitter support channel to not click any links in our Discord. We have not seen any new malicious posts since 4:30am ET.”
"A few users in OpenSea's discord said that NFTs were stolen from them." "My two nfts have been stolen because of this hack." "[M]y two [NFT]s stolen. [The ]thief's address [is] 0x5Bf15Af9B432b3ea4bbF5B219A77b788CE83d113[. W]here is the support?" one user wrote, tagging a community manager. "The thief's OS account and nfts in his account seems have not been marked yet. please stop slow mode." "OpenSea said that it was aware of fewer than 10 wallets that were impacted and that some items were stolen, adding up to a total value of less than 10 ETH ($27,000)."
"The wallet address identified by that user and another who said they had NFTs stolen from them had 13 NFTs transferred to it on Friday morning—none from high-value collections—worth just under $20,000 if the stolen NFTs are sold at their collections' floor price. It also holds $93.50 in ETH. The address has not been marked on Etherscan as a phishing address, and Motherboard could not verify it beyond Discord users' reports."
"The site right now is a blank page save for mention of a Twitter account, which has no content or likes posted to it. It could be the calling card of whoever did this, or it could be misdirection on the part of the site owner. Either way, Malwarebytes blocks the URL in question." "The site has since been wiped and currently only displays text reading: "@allah on Twitter." That account was created in February, has no tweets, and is following no-one."
Sharing At The Time
looks like an #opensea mod got phished/or someone got webhook perms somehow don't mint, remove site/go to unrekt app if you clicked
OpenSea Twitter Announcements
We are currently investigating a potential vulnerability in our Discord, please do not click on any links in the Discord.
BoredBrosCom/BoredMetaverse Tweet Reporting Theft
BoredBrosCom (later renamed to BoredMetaverse) reports the theft on Twitter[17].
My two nfts have been stolen because of this hack.
https://opensea.io/assets/0xacadb3c6290392f59f45dddacca8add2cec24366/136…
https://opensea.io/assets/0xacadb3c6290392f59f45dddacca8add2cec24366/137…
thief's address 0x5Bf15Af9B432b3ea4bbF5B219A77b788CE83d113
Ultimate Outcome
"While the messages and phishing site are already gone, one person who said they lost NFTs in the incident pointed to this address on the blockchain as belonging to the attacker, so we can see more information about what happened next. While that identity has been blocked on OpenSea’s site, viewing it via Etherscan.io or a competing NFT marketplace, Rarible, shows 13 NFTs were transferred to it from five sources around the time of the attack. They’re now also reported on OpenSea for “suspicious activity” and, based on their prices when last sold, appear to be worth a little over $18,000."
“Our preliminary analysis indicates that the attack had limited impact,” an OpenSea spokesperson said.
Delisting On OpenSea
OpenSea appears to have delisted the NFTs involved in the theft[34][35].
Total Amount Recovered
The total amount recovered is unknown.
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
NFT traders can avoid falling victim to such fraud by not making rushed decisions, double checking any promotions against multiple sources, and avoiding any mints that seem to be too good to be true.
Any time that you are promised any profit or benefit in exchange for an initial payment, smart contract approval, or deposit, pay special attention to whether the entity making that offer is trustworthy, actually who they say they are, and has the means to fulfill what they're promising. There are no magic algorithms providing guaranteed returns from trading or mining. Trading on average will lose money. Mining is expensive and complex. No one is going to immediately send back more than you sent them. NFT projects will rarely announce a surprise mint in only a single location. Are you fully prepared for the event that your money is kept and nothing is delivered in return?
Store the majority of funds offline. Offline means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc.
Every approval on Web3 is an opportunity to lose all of the funds present in your wallet. Take the time to review the transaction in full. Fully check over the balance, permissions, and entire address which you are interacting with. Do not trust that your clipboard or any website front-end is guaranteed to provide an accurate address or transaction status. Always perform a test transaction prior to the first high-value transaction in any session.
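What "review the transaction in full" can look like for approvals, as an added example that is not part of the original case study: it decodes raw transaction calldata and reports whether the call hands a third party control over tokens. The sample calldata and the 0x1111... address are constructed placeholders, and the function name review_calldata is hypothetical.

```python
# Added example: flag ERC-20 / ERC-721 approval calls in raw transaction calldata.
# The two selectors are the standard 4-byte function selectors for these signatures.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}
MAX_UINT256 = 2**256 - 1
ZERO_ADDRESS = "0x" + "00" * 20


def review_calldata(calldata: str) -> dict:
    """Return what an approval call grants, or function=None for anything else."""
    raw = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    name = SELECTORS.get(raw[:4].hex()) if len(raw) >= 4 else None
    if name is None:
        return {"function": None, "grants": False}
    # Both approval functions take exactly two 32-byte ABI words.
    if len(raw) != 4 + 64:
        raise ValueError("malformed approval calldata")
    if any(raw[4:16]):
        raise ValueError("address word has non-zero padding")
    party = "0x" + raw[16:36].hex()              # low 20 bytes of the first word
    value = int.from_bytes(raw[36:68], "big")    # bool, amount, or token id
    if name == "setApprovalForAll":
        # True hands the operator every token the wallet holds in this collection.
        return {"function": name, "party": party, "grants": value != 0,
                "scope": "entire collection"}
    # approve(): the second word is an ERC-20 amount or an ERC-721 token id.
    # Calldata alone cannot tell which, so any non-zero spender is treated as
    # a grant (conservative) and the maximum value is reported as unlimited.
    return {"function": name, "party": party, "grants": party != ZERO_ADDRESS,
            "scope": "amount or single token id", "value": value,
            "unlimited": value == MAX_UINT256}


# Constructed sample calldata (placeholder operator address, not from the incident).
OPERATOR_WORD = "00" * 12 + "11" * 20
SAMPLE_GRANT_ALL = "0xa22cb465" + OPERATOR_WORD + "00" * 31 + "01"
SAMPLE_REVOKE_ALL = "0xa22cb465" + OPERATOR_WORD + "00" * 32
SAMPLE_UNLIMITED = "0x095ea7b3" + OPERATOR_WORD + "ff" * 32
# transferFrom(address,address,uint256): a transfer, not an approval.
SAMPLE_TRANSFER = "0x23b872dd" + OPERATOR_WORD * 2 + "00" * 31 + "05"

if __name__ == "__main__":
    for label, data in [("grant all", SAMPLE_GRANT_ALL),
                        ("revoke all", SAMPLE_REVOKE_ALL),
                        ("unlimited approve", SAMPLE_UNLIMITED),
                        ("transfer", SAMPLE_TRANSFER)]:
        print(label, "->", review_calldata(data))
```

A wallet prompt that shows only "Set approval for all" hides the party address; comparing the decoded party against the collection's known marketplace contracts is the check this supports.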
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Discord Server Security Review
The primary issue was related to the security of the Discord server, which granted additional unnecessary permissions to the Carl Bot. Careful consideration needs to be given to the access level of every bot employed on a Discord server.
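One way to review bot access levels, as an added example that is not part of the original case study or any OpenSea or Carl-bot code: it compares each bot-managed role's permission bitfield against a per-bot allow-list and reports the excess. The role data and the allow-list policy are constructed for illustration and do not describe the actual OpenSea server; the function names are hypothetical.

```python
# Added example: audit Discord bot roles against a least-privilege allow-list.
# Bit positions follow Discord's documented permission flags (subset shown).
PERMS = {
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_CHANNELS": 1 << 4,
    "MANAGE_GUILD": 1 << 5,
    "VIEW_CHANNEL": 1 << 10,
    "SEND_MESSAGES": 1 << 11,
    "MANAGE_MESSAGES": 1 << 13,
    "EMBED_LINKS": 1 << 14,
    "READ_MESSAGE_HISTORY": 1 << 16,
    "MENTION_EVERYONE": 1 << 17,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}

# Permissions that let a compromised bot reconfigure the server or post as it.
HIGH_RISK = {"ADMINISTRATOR", "MANAGE_GUILD", "MANAGE_ROLES",
             "MANAGE_WEBHOOKS", "MANAGE_CHANNELS", "MENTION_EVERYONE"}


def bitfield(*names):
    """Build the decimal-string bitfield used in a role's `permissions` field."""
    return str(sum(PERMS[n] for n in names))


def granted_permissions(permissions):
    """Decode a role's permission string into the set of known flag names."""
    value = int(permissions)
    granted = {name for name, bit in PERMS.items() if value & bit}
    if "ADMINISTRATOR" in granted:
        granted = set(PERMS)  # ADMINISTRATOR implies every other permission
    return granted


def audit_bot_roles(roles, policy):
    """Report bot-managed roles holding permissions outside their allow-list."""
    findings = []
    for role in roles:
        # Bot integration roles are marked managed and carry a bot_id tag.
        if not (role.get("managed") and "bot_id" in (role.get("tags") or {})):
            continue
        allowed = policy.get(role["name"], set())  # no policy entry: allow nothing
        excess = granted_permissions(role["permissions"]) - allowed
        if excess:
            findings.append({"role": role["name"],
                             "excess": sorted(excess),
                             "high_risk": sorted(excess & HIGH_RISK)})
    return findings


# Constructed role list in the shape of a guild roles listing.
SAMPLE_ROLES = [
    {"name": "Moderator", "managed": False,
     "permissions": bitfield("KICK_MEMBERS", "BAN_MEMBERS", "MANAGE_MESSAGES")},
    {"name": "Carl-bot", "managed": True, "tags": {"bot_id": "100000000000000001"},
     "permissions": bitfield("VIEW_CHANNEL", "SEND_MESSAGES", "MANAGE_MESSAGES",
                             "EMBED_LINKS", "READ_MESSAGE_HISTORY", "MANAGE_ROLES",
                             "MANAGE_WEBHOOKS", "MENTION_EVERYONE")},
    {"name": "ticket-helper", "managed": True, "tags": {"bot_id": "100000000000000002"},
     "permissions": "8"},
    {"name": "welcome-bot", "managed": True, "tags": {"bot_id": "100000000000000003"},
     "permissions": bitfield("VIEW_CHANNEL", "SEND_MESSAGES")},
]

# Hypothetical allow-list: what each bot needs for the features actually in use.
POLICY = {
    "Carl-bot": {"VIEW_CHANNEL", "SEND_MESSAGES", "MANAGE_MESSAGES",
                 "EMBED_LINKS", "READ_MESSAGE_HISTORY", "MANAGE_ROLES"},
    "ticket-helper": {"VIEW_CHANNEL", "SEND_MESSAGES"},
    "welcome-bot": {"VIEW_CHANNEL", "SEND_MESSAGES"},
}

if __name__ == "__main__":
    for finding in audit_bot_roles(SAMPLE_ROLES, POLICY):
        print(finding["role"], "excess:", finding["excess"],
              "high risk:", finding["high_risk"])
```

Role-level permissions are only part of the picture: channel permission overwrites can add or remove access per channel, so announcement channels need the same review.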
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
Ensuring Community Safety Knowledge
Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.
Industry Insurance Fund Setup
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.
Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- [1] What is Carl Bot - Everything You Need to Know (Nov 25, 2022)
- [2] Carl-bot Dashboard Homepage (Jun 20, 2023)
- [3] Add Carl-bot Discord Bot - Top.gg (Jun 20, 2023)
- [4] Kerdaloo - Stop suggesting Carl Bot and YAGPDB as alternative bots - Reddit (Jun 20, 2023)
- [5] Transfer of 0.072723306001490828 ETH to Attacker Wallet - Etherscan (Jun 16, 2023)
- [6] Theft Of Cryptoboson NFT #4 - Etherscan (Jun 16, 2023)
- [7] Transactions In Attacker's Wallet - Etherscan (Jun 16, 2023)
- [8] lackingtalent - "looks like an #opensea mod got phished/or someone got webhook perms somehow don't mint, remove site/go to unrekt app if you clicked" - Twitter (Nov 25, 2022)
- [9] Serpent - "OPENSEA DISCORD IS HACKED" - Twitter (Nov 25, 2022)
- [10] https://etherscan.io/tx/0xe6951031dd423ecc0f52dc80cf4c9e5661f31920a346e732ebffc2874dc63554 (Jun 16, 2023)
- [11] OpenSea Support - "We are currently investigating a potential vulnerability in our Discord, please do not click on any links in the Discord." - Twitter (Nov 25, 2022)
- [12] WuBlockchain - "The official OpenSea Discord was hacked and posted a link to a phishing site in partnership with youtube. On April 1st, a large number of blue-chip NFT DISCORDs were hacked and posted phishing links." - Twitter (Nov 25, 2022)
- [13] PeckShieldAlert - "#PeckShieldAlert #phishing @opensea discord is exploited, youtubenft[.]art is the phishing site. Do *NOT* fall prey to it!" - Twitter (Nov 25, 2022)
- [14] OpenSea Discord server hacked to promote scam NFT pass - The Block (Nov 25, 2022)
- [15] Warning: OpenSea Discord hacked using a YouTube phishing site link - FinBold (Nov 25, 2022)
- [16] opensea_support - "Do not click links in our Discord. We are continuing to investigate this situation and will share information as we have it." - Twitter (Nov 25, 2022)
- [17] BoredBrosCom - "My two nfts have been stollen because of this hack." - Twitter (Nov 25, 2022)
- [18] Pine Pieces Genesis NFT #137 - Coinbase NFT (Jun 15, 2023)
- [19] Pine Pieces Genesis #136 NFT - Coinbase NFT (Jun 15, 2023)
- [20] OpenSea Discord hacked; Hackers promote scam NFTs - BusinessToday (Nov 25, 2022)
- [21] OpenSea Discord server hacked, users warned to be vigilant of phishing scams - CoinTelegraph Archive May 6th, 2022 5:51:07 AM MDT (Apr 17, 2023)
- [22] OpenSea Discord server hacked, users warned to be vigilant of phishing scams (Nov 25, 2022)
- [23] Opensea Confirms Discord Hack As Spambots Promote "YouTube" NFTs - FXEmpire (Nov 25, 2022)
- [24] Hackers hijacked the OpenSea Discord with a fake YouTube NFT scam - The Verge (Nov 25, 2022)
- [25] OpenSea Discord Hacked, NFTs Stolen Using Fake YouTube Site - Vice News (Nov 25, 2022)
- [26] OpenSea Discord groups hacked with NFTs worth about $27,000 stolen | Fortune (Jul 17, 2022)
- [27] OpenSea Suffers Discord Exploit Promoting YouTube NFT Scam - Decrypt (Nov 25, 2022)
- [28] OpenSea warns of Discord channel compromise - MalwareBytes (Nov 25, 2022)
- [29] Hackers Use Discord Bot to Infiltrate NFT Channels in Phishing Attack - VPNOverview (Nov 24, 2022)
- [30] NFTherder - "In May, 70 discords got exploited including big projects" - Twitter (Nov 24, 2022)
- [31] Address 0x5Bf15Af9B432b3ea4bbF5B219A77b788CE83d113 | Etherscan (Nov 25, 2022)
- [32] https://etherscan.io/tx/0x409e251050de86973bd461dce4f89c59454b1e0b1de7c5f7c47435840f68634f (Jun 16, 2023)
- [33] https://etherscan.io/tx/0xa1aee748dae1261f83f73e0fa51780402a6630770308f3bcc9122eefd73bae86 (Jun 16, 2023)
- [34] 404 Not Found For Pine Pieces Genesis NFT #137 - OpenSea (Nov 25, 2022)
- [35] 404 Not Found For Pine Pieces Genesis NFT #138 - OpenSea (Nov 25, 2022)