Breaking: NFT Behemoth OpenSea Reports Data Breach
- According to Opeansea, all users must not sign any wallet transaction related to their mail and must desist from downloading anything from any related mail sent to them.
Following the alleged leaking of its customers’ emails to a third party, Opensea, a leading NFT marketplace has warned users to be wary of phishing emails. Opensea gave the warning in a tweet relayed via its verified handle on Thursday. As observed, the NFT marketplace claimed it received intelligence that one of the Customer.io employees leaked the data to a third party.
Notably, Customer.io is a platform that manages email newsletters and campaigns for businesses.
OpenSea Fires Warnings Shot
Opensea says all users who had in the past shared their respective email addresses with the outlet are vulnerable to this threat. According to the NFT venture, the security breach occasioned by the leaking of emails tends to expose its users to some fraudulent players.
The marketplace says malicious persons may explore the email details in reaching its customers with domains similar to Opensea.io, such as OpenSea.org or Opensea.xyz. It, however, urged users to be very vigilant and not fall into such malicious acts.
In addition, Opensea reiterates its commitment to working with Customer.io in its ongoing investigation. The platform says the incident has been reported to law enforcement agencies.
The NFT marketplace, however, shared some safety tips for its users to observe in avoiding vulnerability to the threat. According to Opeansea, all users must not sign any wallet transaction related to their mail and must desist from downloading anything from any related mail sent to them.
More so, the platform wants them to keep their passwords safe and private to avert vulnerability to the threat.
NFT Hacks on the Rise
Regrettably, the NFT industry has continued to witness numerous cases of security breaches since its boom in 2021. Barely three months ago, a security breach led to the pilfering of approximately 60 Ether (ETH) worth of NFTs from Arthur0x, the founder of DeFiance Capital.
As reported, the siphoned funds were then sold on OpenSea. In April, Yuga Labs, the developer of the Bored Ape Yacht Club non-fungible tokens suffered a hacking attack that resulted in huge losses.
As reported, the exploiter gained unauthorized access to the Instagram account of BAYC and consequently sent a phishing post to users. Many of the users reportedly clicked on the link attached to the phishing post which abruptly connected their crypto wallets to the hacker’s “smart contract”. With this, the hacker pilfered four Bored Apes and NFTs estimated at $3m.
More so, Hubspot endured the same fate in March, a development that affected BlockFi, Swan Bitcoin, NYDIG, and Circle. Findings of the exploitation revealed that the names, phone numbers, and email addresses of users of these platforms were leaked to an outside party.
Now, the leaking of the emails belonging to Opensea users further justifies the weakness of the Email newsletter management platforms and Customer Relationship Management (CRM) software in crypto and NFT-oriented firms.
A 2022 Crypto Crime Report by Chainalysis submitted that the aggregate worth of stolen funds relayed to NFT marketplaces by malicious addresses skyrocketed in 2021. The report decried the persistent increase in pilfered funds sent to NFT marketplaces.